[Acegisecurity-developer] ACL for massive databases
Hi I wonder if anybody has any experience with very large databases (few very long tables - millions of rows) and ACL. Theoretically, domain object level access control is exactly what our application needs, but I have a conceptual 'gap' in seeing how this could be done without creating an similarly massive AC table. Any ideas or pointers would be greatly appreciated. David. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] ACL for massive databases
I did some developmental work with ACL and large tables at a previous company. However, I did not use ACEGI. I didn't know about ACEGI at the time. Instead I used GUID values at keys with various entities having various permissions to access specific GUiDs. I used materialized views in Oracle to keep the query response time managable. On 1/21/06, David Berkowicz [EMAIL PROTECTED] wrote: Hi I wonder if anybody has any experience with very large databases (few very long tables - millions of rows) and ACL. Theoretically, domain object level access control is exactly what our application needs, but I have a conceptual 'gap' in seeing how this could be done without creating an similarly massive AC table. Any ideas or pointers would be greatly appreciated. David. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmdlnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
RE: [Acegisecurity-developer] SiteMinder Integeration with spring richclient
Amad, Most client-server apps I've seen require that the user authenticates into the *client's* entry point and not at the server's entry point, thay way each request to the server includes a pre-authenticated principal. Siteminder assumes that all requests come to the server *first* so that it can redirect the browser to a login page as required. I don't think Siteminder is what you want for your rich-client project, and since Siteminder is usually backed by an LDAP server, you may wish to authenticate directly to that. I understand that Luke has been working hard on greatly improved LDAP code in, and since the last version. Scott From: Amad Fida [mailto:[EMAIL PROTECTED] Sent: Saturday, January 21, 2006 5:19 PMTo: acegisecurity-developer@lists.sourceforge.netSubject: Re: [Acegisecurity-developer] SiteMinder Integeration with spring richclient Thanks, Scott. I didn't realize that this could be such a big problem. As rich client uses spring services to interact with server-side and there is acegi authentication manager in place. And if there was some SiteMinderAuthenticationProvider which can be plugged in here, wouldn't that solve my problem?AmadScott McCrory [EMAIL PROTECTED] wrote: I've never seen Siteminder used to protect client-side apps because we've always used it as a server-side ISAPI filter or Apache module.I'd recommend first checking with Siteminder to see what their solutions are for rich client apps, then once you know the mechanism of how the user's identity is passed into your app, then you can figure out what kind of adapter is necessary. Good luck! Scott Quoting Amad Fida [EMAIL PROTECTED]: All - We have spring rcp based app, which is deployed using Java Webstart. In rich client case there is method level security and not the URL filter based security. And we also have our own login dialog which we present user at startup to authenticate. I am not sure how do we use SiteMinder authentication in this setup? One possibility is to protected the jnlp link and use the Siteminder authentication filters but once authenticated how does the richclient knows about that authentication to get authorization info? Any ideas or help will he greatly appreciated. Amad - Yahoo! Photos Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever. Yahoo! Photos Showcase holiday pictures in hardcoverPhoto Books. You design it and well bind it!
Re: [Acegisecurity-developer] JSF Components for Acegi
Cagatay Civici wrote: http://www.jroller.com/page/cagataycivici http://horde/services/go.php?url=http%3A%2F%2Fwww.jroller.com%2Fpage%2Fcagataycivici Thanks for publishing this. I've added a link to it on the Acegi Security articles page. Best regards Ben --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] ACL for massive databases
David Medinets wrote: I did some developmental work with ACL and large tables at a previous company. However, I did not use ACEGI. I didn't know about ACEGI at the time. Instead I used GUID values at keys with various entities having various permissions to access specific GUiDs. I used materialized views in Oracle to keep the query response time managable. I've also used views at a RDBMS level instead of relying on Acegi Security to ACL filter very large tables. However, the underlaying tables which the views used were structured so that I could also use them with an Acegi Security BasicAclDao implementation. This let me use the RDBMS where appropriate (large tables) and Acegi Security/Java for the rest (including managing the ACL entries in the table). Cheers Ben --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer