Re: T5: access control (again)

2008-01-06 Thread Robin Helgelin
On Jan 6, 2008 10:29 AM, Chris Lewis [EMAIL PROTECTED] wrote:
> I remember reading in the acegi docs that it was possible to swap-out
> the usage of spring. I feel like you'll find it's not too difficult to
> do. I realize I say this out of ignorance but T5 IoC is quite easy to
> get your head around, and as you know your way around spring and acegi...
> Anyway, thanks for the input and do let me know how you find it.

My acegi package, tapestry5-acegi, doesn't require any knowledge or
explicit use of spring. Yes, acegi uses spring internally, but it's
completely transparent to the developer if they choose not to use
spring.

As far as the documentation is lacking, I agree, but there should be
enough information on the wiki and webpage to get you started.

http://www.localhost.nu/java/tapestry5-acegi

-- 
regards,
Robin

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: T5: access control (again)

2008-01-06 Thread Chris Lewis
I understand - I have looked through the tapestry-acegi wiki and the
site, and they only talk about the T5 side (whereas you agreed that the
docs are lacking, you are right in that they are sufficient). Where I'm
lost is how to set up acegi, how its invocations work, what the schema
requirements are, how it's loaded, etc etc. The acegi site clearly says
spring can be removed from acegi, but it basically says that would be
dumb, and of course says you must know spring to follow the docs. That
seems a bit circular. Of course the response could be that I'm too lazy
to learn spring and perhaps that'd be somewhat waterproof. I'd word it
by saying I have no legitimate need and zero interest in learning spring
- I want access control, not another ioc container.
Let me close by clarifying my tone as I've been told I come across as 
harsh. I am not bashing spring, acegi, or the tapestry integration. What 
I am saying is that as a developer with no use for spring, using the t5 
acegi module appears to be a bad choice for me as I do not know acegi at 
all, and learning it, by way of transitive dependencies, requires me to 
learn spring.


chris




Re: T5: access control (again)

2008-01-06 Thread Robin Helgelin
On Jan 6, 2008 11:35 AM, Chris Lewis [EMAIL PROTECTED] wrote:
> Let me close by clarifying my tone as I've been told I come across as
> harsh. I am not bashing spring, acegi, or the tapestry integration. What
> I am saying is that as a developer with no use for spring, using the t5
> acegi module appears to be a bad choice for me as I do not know acegi at
> all, and learning it, by way of transitive dependencies, requires me to
> learn spring.

I can't disagree with that, it's true :). However, I'm glad to help
with adding things to the acegi module that will make things even
easier, so that you don't have to look at spring at all.

-- 
regards,
Robin




Re: T5: access control (again)

2008-01-06 Thread Chris Lewis

Ok :-). Here's my wish list:

1. Remove Spring as a dependency. However stupid this is according to 
the Spring developers, it would be valuable to me (and I'm sure others 
like me). Apparently this isn't too difficult to do: 
http://www.acegisecurity.org/standalone.html


2. Provide some kind of quick start that includes what you shared in the 
wiki, but also covers getting acegi bootstrapped properly (schema, etc 
etc). Of course the line between what you should provide and what is 
already provided is a bit blurry. I've started reading through 
http://www.acegisecurity.org/guide/springsecurity.html, which covers 
pretty much everything from A-Z. The unfortunate part, and unfortunately 
unexpected given java's rep, is that it is so complex and verbose. I 
don't personally think that implementing a simple but secure 
authentication system with users and roles has to be so complicated. 
Again it's clearly not your job to document acegi, but a simple quick 
start or common use case would get us close to not needing spring docs, 
or require us to digest the whole acegi manual.


My 2 cents. Thanks for listening and contributing.

chris






T5: access control (again)

2008-01-05 Thread Chris Lewis
Dear list - specifically all those having successful access control 
implementations,


I'd like to poll you for how you did it. Not so much the action of 
authentication, but more so how access is monitored and restricted. This 
is a well-known problem in general, but I've yet to see a satisfactory 
and pluggable implementation. First, the basic details:


A user can have one or more roles, and roles determine what that user 
can and can't do/see/access. As I said, this is a well-known problem and 
there's even an existing library for the task: tapestry-acegi.


The good thing about tapestry-acegi is its 2 simple components. They make
perfect sense and make integration feel smooth and water-tight (ie, not
leaky). The bad things are:
1) The documentation is basically non-existent and I have no idea how to
get it set up. Using the components is a no-brainer - it's the
infrastructure that loses me.
2) It requires foreknowledge of acegi. Ok, so I checked out those docs, 
which led me to:
3) Acegi docs explicitly state that knowledge of spring is required, so 
you must first know (or learn) that.


That's where I draw the line. If you've read many posts from me, you may 
know that while I've been developing in Java for about 6 years I've 
specifically avoided using it for web because I've never felt it had it 
together. Yes it's capable, but it's been overly complex and fragmented. 
Yes there are open source options but none of them, including struts and 
spring, have been enough to convince me that investing my time in 
learning them was worth it. This changed when I started toying with 
tapestry and its perspective of development (so this probably includes 
wicket, web objects, and prado).


I'm not bashing tapestry-acegi by any means. In fact I commend, thank, 
and cite in code the project as I used the idea of the IfLoggedIn 
component. It's both simple and elegant - but it requires knowledge that 
I don't have and am not convinced is worth my having.


So... what are any of you other ambitious T5ers using for this? Packaged 
tools? Home grown? I'm home growing one at the moment (specific to a 
project) and would love to share, but I want to know what anyone else is 
doing to solve this classic problem.


sincerely,
chris




RE: T5: access control (again)

2008-01-05 Thread Jonathan Barker
Chris,

I'm about to embark on access control for a T5 app I'm building.  Two years
ago, I built a T4 app with Spring / Hibernate / Acegi.  I had already
digested much of the Spring docs even though I hadn't really used it, the
Acegi docs obviously referred to Spring, and re-doing it in Hivemind when I
was a rookie at Acegi, Spring and Hivemind didn't seem very bright. 

The key is that tapestry-ioc in T5 (and Hivemind for T4) can be used
*instead* of Spring.  The challenge is having the knowledge to accomplish
this when all of the documentation on Acegi talks about Spring.  Spring is
mainly just a means to configure Acegi, and make sure that Acegi information
gets moved in and out of the session.  

Now, I'm about to try tapestry-acegi.  Fortunately, the access control for
this app is far simpler than what I had to do in T4, and my knowledge of
Acegi and Spring grew dramatically through that old project.  I'll probably
take the time to understand tapestry-ioc this time.

Hopefully I'll have some real pearls of wisdom to offer in a few days.


Jonathan

