Re: [Acegisecurity-developer] ACL Assistance and Questions

2004-12-23 Thread Ben Alex
Matthew E. Porter wrote:
> Greetings.  I am looking for some guidance on the ACL system and how
> to integrate it into our application.  Furthermore, I plan to get the
> second article out for Javalobby within the next week or two.  Any
> help is appreciated.
>
> In our application, we define domains (i.e. companies).  Objects of
> different types belong to each domain.  For example, each domain has a
> set of servers assigned to it.  In addition, there is a set of users
> assigned to the domain.  For example, the Contegix domain contains
> Server1, Server2, and Server17.  Each domain has one or more
> administrators which should have unrestricted access to any object
> tied to the domain.  Furthermore, domains can be nested.
>
> As I am trying to get my head wrapped around the ACL system in Acegi,
> I am having difficulties finding the best way to apply permissions and
> restrictions.
>
> Cheers,
>   Matthew

Hi Matthew
As per our Skype session (for the benefit of the list archives):
The most important thing is to ensure your real domain object model 
has a map generated in acl_object_identity, so the ACL services know 
about the relationships. The most convenient way to build and maintain 
this map is via your services layer methods (eg 
DomainManager.create(Domain)) calling a BasicAclExtendedDao 
implementation. The included implementation, JdbcExtendedDaoImpl, will 
probably do the trick. Your services layer create and delete methods 
just call the corresponding BasicAclExtendedDao methods as your domain 
object instances are created and deleted.

With your particular object model, you'd be best off having a single 
users database. Thus you can use LDAP or CAS etc in the future. Users 
therefore sign up with the service provider and get added to the 
single users database. You'd create a root top level 
acl_object_identity, which you assign the service provider's 
administrative users against. Every Domain then uses either that top 
level root as its parent, or another Domain. Thus your service 
provider administrative users have proper, default access to every 
Domain. Servers use a Domain as their parent (only so far as the 
acl_object_identity is concerned - your actual domain object model and 
its ORM mapping is a matter of your choice).

You can then write a separate acl administration use case which deals 
with giving customers (from your single users database) access to the 
appropriate acl_object_identity. Again, a BasicAclExtendedDao 
implementation is your friend and will automate interaction with the 
backend ACL database.

Hope this helps.
Ben

___
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
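
An added sketch of the identity hierarchy described in the reply above (not Acegi code and not part of the original thread): a plain-Java, in-memory stand-in for acl_object_identity showing how an entry on the root reaches every Domain and Server, while a customer's administrator stays confined to their own Domain. The names AclHierarchyDemo, providerAdmin, contegixAdmin and Domain:Other, the permission bits, and the nearest-entry-wins resolution rule are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
// Simplified in-memory model of the acl_object_identity parent chain (not Acegi code; names are hypothetical).
public class AclHierarchyDemo {
    static final int NOTHING = 0, READ = 1, ADMIN = 2; // assumed permission bits
    static class Identity { // one identity row: parent link plus recipient -> mask entries
        final Identity parent;
        final Map<String, Integer> entries = new HashMap<>();
        Identity(Identity parent) { this.parent = parent; }
    }
    private final Map<String, Identity> ids = new HashMap<>();

    // Triggered from a services-layer create method as the domain object is created.
    void create(String name, String parentName) {
        Identity parent = parentName == null ? null : ids.get(parentName);
        if (parentName != null && parent == null) throw new IllegalArgumentException("unknown parent");
        if (ids.putIfAbsent(name, new Identity(parent)) != null) throw new IllegalArgumentException("duplicate");
    }

    // Triggered from a services-layer delete method; refuses to orphan child identities.
    void delete(String name) {
        Identity target = ids.get(name);
        for (Identity id : ids.values())
            if (target != null && id.parent == target) throw new IllegalStateException(name + " has children");
        ids.remove(name);
    }

    void grant(String name, String recipient, int mask) { ids.get(name).entries.put(recipient, mask); }
    // Walk towards the root: the nearest entry for the recipient wins, none means no access.
    int effectiveMask(String name, String recipient) {
        for (Identity id = ids.get(name); id != null; id = id.parent) {
            Integer mask = id.entries.get(recipient);
            if (mask != null) return mask;
        }
        return NOTHING;
    }

    public static void main(String[] args) {
        AclHierarchyDemo acl = new AclHierarchyDemo();
        acl.create("ROOT", null);
        acl.create("Domain:Contegix", "ROOT");
        acl.create("Domain:Other", "ROOT"); // constructed second customer
        acl.create("Server:Server1", "Domain:Contegix");
        acl.grant("ROOT", "providerAdmin", READ | ADMIN);
        acl.grant("Domain:Contegix", "contegixAdmin", READ | ADMIN);
        System.out.println(acl.effectiveMask("Server:Server1", "providerAdmin")); // inherited from ROOT
        System.out.println(acl.effectiveMask("Server:Server1", "contegixAdmin")); // inherited from the Domain
        System.out.println(acl.effectiveMask("Domain:Other", "contegixAdmin"));   // no entry on the chain
    }
}
```

A missing row in the identity map breaks the parent chain, so an object created without its identity inherits nothing from its Domain or the root.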


[Acegisecurity-developer] Preparing for 0.7.0

2004-12-23 Thread Ben Alex
Hi everyone
I am happy to report that Ant has now been officially removed from CVS 
(along with /lib/*.jar). The Maven build is now performing well, and the 
web site at http://acegisecurity.sourceforge.net has been expanded to 
include Maven-specific instructions. The only outstanding issue is the 
reference guide (when exported to PDF) doesn't look quite right. Carlos 
is working on that one...

Now that our build system is production-ready, we should release 0.7.0. 
There are lots of new features and fixes in CVS that I think users would 
like. If you happen to get any free time over the next few days, please 
feel free to try out the latest CVS with your projects. I am 
particularly keen to ensure the Maven instructions are correct, and the 
0.7.0 refactorings haven't adversely affected backward compatibility. 
There is an 0.6 to 0.7.0 upgrade document on the web site, and unit test 
coverage is at 95%+. If you have any suggestions or issues, please email 
the list.

And, finally...:
public class ItsThatTimeOfYear implements InitializingBean, ApplicationContextAware {
    private ApplicationContext context;

    public void setApplicationContext(ApplicationContext applicationContext) {
        this.context = applicationContext;
    }

    public void afterPropertiesSet() throws Exception {
        this.context.publishEvent(new MerryChristmas());
    }
}
Cheers
Ben
