Hi,
comparing Turbine4-M1, Turbine4-M2 and current trunk 4.0-SNAPSHOT I took
some notes, which may now get their (right) place in this list to have
some more reviewing and discussion. Sorry for this lengthy mail!
I started with a user model as an example and sketching the situations
with some (pseudo) code. User instantiation is the first place, where a
new user model comes into place - may be a good starting point.
To get a new user instance in
1) turbine-4-m1
2) turbine-4-m2, turbine-4-SNAPSHOT
consider this (pseudocode) examples in
1) org.apache.turbine.services.security.TurbineSecurity.getUserInstance()
{
return getService().getUserInstance()
}
where service could be e.g.
org.apache.turbine.services.security.BaseSecurityService and userInstance
looks like
"return (org.apache.turbine.om.security.User)
getUserClass().newInstance();".
The userClass / userInstance is configured in Turbine configuration e.g.
setting
services.SecurityService.user.class=
org.apache.turbine.om.security.TurbineUser
which is the default user class.
The contract interface is org.apache.turbine.om.security.User.
2) As configured by default
services.SecurityService.user.manager =
org.apache.turbine.services.security.DefaultUserManager
the method getUserInstance has a wrapped user instance:
TurbineUser u = umDelegate.getUserInstance(); (1)
return wrap(u); (2)
(1) umDelegate object implements
org.apache.fulcrum.security.model.turbine.TurbineUserManager (e.g.
org.apache.fulcrum.security.torque.turbine.TorqueTurbineUserManagerImpl.
The userInstance may be delegating further e.g. in
org.apache.fulcrum.security.spi.AbstractUserManager.getUserInstance() and
may look like this
return T user = (T) Class.forName(getClassName()).newInstance();
where the className is configured again in Fulcrum XML configuration e.g.
<userManager><className>... // e.g. Torque generated ORM- class
(2) The wrap code is similar to
return new DefaultUserImpl(user);
It just wraps the user object to keep the contract.
org.apache.turbine.om.security.DefaultUserImpl is an implementation of
org.apache.turbine.om.security.User and wraps
org.apache.fulcrum.security.model.turbine.entity.TurbineUser, e.g. your
ORM class (see below) or as an example
org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl.
The contract interface is <T extends org.apache.turbine.om.security.User>.
Interfaces
This is may be the most important thing to understand, that the same User
interface has been broken up and the semantics changed a little bit.
1) - (org.apache.turbine.om.security.TurbineUser is a class)
org.apache.turbine.om.security.User (password, email, firstName,
lastName, confirmed, createDate, loggedin, accessCounter, perm, temp,
updateLastLogin, tempStorage,permStorage)
-> org.apache.turbine.om.security.SecurityEntity (name, id,
idAsObject)
-> ..
2) org.apache.turbine.om.security.User (confirmed, createDate, loggedin,
accessCounter, perm, temp, updateLastLogin, tempStorage,permStorage)
-> org.apache.fulcrum.security.model.turbine.entity.TurbineUser (-)
-> org.apache.fulcrum.security.entity.ExtendedUser (email,
firstName, lastName, objectData)..
-> org.apache.fulcrum.security.entity.User (password)
-> org.apache.fulcrum.security.entity.SecurityEntity
(name,id)
->
org.apache.fulcrum.security.model.turbine.entity.TurbineUserGroupRoleEntity
(userGroupRoleSet, add-/removeUserGroupRoleSet)
-> ..
As a result there is now NO TurbineUser class any more (except
occasionally a ORM generated class), but instead a new interface (in a
different package) with some additional methods (cft.
TurbineUserGroupRoleEntity) is present. This makes sense as the
TurbineUser is now a special case in Fulcrum Security.
Default classes
1) org.apache.turbine.om.security.TurbineUser implements
org.apache.turbine.om.security.User
2) org.apache.turbine.om.security.DefaultUserImpl implements
org.apache.turbine.om.security.User
Delegates
1) -
2) org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl
(email, firstName, lastName, password, objectData)
Interfaces
-> org.apache.fulcrum.security.model.turbine.entity.TurbineUser
Extended classes
->
org.apache.fulcrum.security.model.turbine.entity.impl.AbstractTurbineSecurityEntityImpl
-> org.apache.fulcrum.security.entity.impl.SecurityEntityImpl
(equals, hashCode, toString)
Interfaces
-> org.apache.fulcrum.security.entity.SecurityEntity (id,
name)
Security/Authentication is now separated and moved into Fulcrum Security.
Caveats
Moved properties
- Email, FirstName, LastName, Password
The getter/setter for email, firstName, lastName, password moved from
org.apache.turbine.om.security.User to the new interface
org.apache.fulcrum.security.model.turbine.entity.TurbineUser. Password is
now kept in a separate interface org.apache.fulcrum.security.entity.User,
the other setter/getter methods are in
org.apache.fulcrum.security.entity.ExtendedUser.
- Name and Id
Old: org.apache.turbine.om.security.SecurityEntity
New: org.apache.fulcrum.security.entity.SecurityEntity
The id getter/setter methods expect now an Object, while in Turbine M1
version an int primitive type was expected. The old version had a special
accessor idAsObject, which is now removed.
The new model properties entityId and entityName correspond probably to id
and name in some way..
Old and New
Turbine Interface: org.apache.turbine.om.security.User
Old implementation class: org.apache.turbine.om.security.TurbineUser
New implementation class: org.apache.turbine.om.security.DefaultUserImpl
New extracted Fulcrum interface:
org.apache.fulcrum.security.model.turbine.entity.TurbineUser
New (example) implementation class:
org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl.
Another implementation class is
org.apache.fulcrum.security.torque.turbine.TorqueAbstractTurbineUser,
which provides some extra methods (delete, databaseName, entityId,
entityName, update, retrieveAttachedObjects, cft.
org.apache.fulcrum.security.torque.TorqueAbstractSecurityEntity).
org.apache.fulcrum.security.entity.ExtendedUser contains
org.apache.fulcrum.security.entity.User (password only getter/setter).
Torque
Building Torque ORM could be done using as base class
org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl
(optionally
org.apache.fulcrum.security.torque.turbine.TorqueAbstractTurbineUser), but
it´s NOT required.
e.g. <table name="turbine_user" idMethod="native"
baseClass="org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl"
(or better just leave it blank)
interface="org.apache.fulcrum.security.model.turbine.entity.TurbineUser">
(To be sure - the generated class in this case is just named TurbineUser
by default ;-)
SecurityService, UserManager
Both could be found in Turbine and Fulcrum. As said in
http://turbine.apache.org/turbine/turbine-4.0-M2/services/security-service.html
. Fulcrum Managers are just delegates and should/could only be used from
Turbine services in Turbine context.
Examples
org.apache.turbine.services.security.SecurityService (userInstance,
getUser..)
org.apache.turbine.services.security.UserManager (userInstance,
authenticate
org.apache.fulcrum.security.SecurityService (userManager, ..)
org.apache.fulcrum.security.UserManager (userInstance, authenticate
Discussion
- No configurable wrapper?
org.apache.turbine.services.security.DefaultUserManager has hard coded
DefaultUserImpl as a wrapper in the wrap method. If its not configurable
you have to setup your onw user manager (extending DefaultUserManager and
overriding the wrap method ) and set it in TR.properties to
services.SecurityService.user.manager.
- Be aware if using TurbineUserImpl the name property is set to "
toLowerCase"!
In
org.apache.fulcrum.security.entity.impl.SecurityEntityImpl.setName(String),
which is used in TurbineUserImpl (and its also in
org.apache.fulcrum.security.torque.TorqueAbstractSecurityEntity.setName(String)
org.apache.fulcrum.security.torque.TorqueAbstractUserManager.getUser(String))
name is set toLowerCase.
If its a kind of legacy support/Turbine feature, it neverthelesse should
be made more explicitely IMO (in my case I need it case sensitive).
- Should entityId, entityName be included in
org.apache.fulcrum.security.entity.SecurityEntity, as it is used by
default in Security Torque? I think there COULD be some confusion about so
many "entity"s (as package, name part, plain property, but not interfaced)
;-)
Don´t hesitate to answer or pointing me to faults, better solutions, etc.
!
Best regards, Georg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
