[Acegisecurity-developer] ACL for massive databases

2006-01-21 Thread David Berkowicz 
Hi
I wonder if anybody has any experience with very large databases (few
very long tables - millions of rows) and ACL. Theoretically, domain
object level access control is exactly what our application needs, but
I have a conceptual 'gap' in seeing how this could be done without
creating an similarly massive AC table. Any ideas or pointers would be
greatly appreciated.
David.


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] ACL for massive databases

2006-01-21 Thread David Medinets 
I did some developmental work with ACL and large tables at a previous
company. However, I did not use ACEGI. I didn't know about ACEGI at
the time. Instead I used GUID values at keys with various entities
having various permissions to access specific GUiDs. I used
materialized views in Oracle to keep the query response time
managable.

On 1/21/06, David Berkowicz [EMAIL PROTECTED] wrote:
 Hi
 I wonder if anybody has any experience with very large databases (few
 very long tables - millions of rows) and ACL. Theoretically, domain
 object level access control is exactly what our application needs, but
 I have a conceptual 'gap' in seeing how this could be done without
 creating an similarly massive AC table. Any ideas or pointers would be
 greatly appreciated.
 David.


 ---
 This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
 for problems?  Stop!  Download the new AJAX search engine that makes
 searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
 http://sel.as-us.falkag.net/sel?cmdlnkkid3432bid#0486dat1642
 ___
 Home: http://acegisecurity.org
 Acegisecurity-developer mailing list
 Acegisecurity-developer@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

RE: [Acegisecurity-developer] SiteMinder Integeration with spring richclient

2006-01-21 Thread scott 



Amad,
 Most client-server apps I've seen require that 
the user authenticates into the *client's* entry point and not at the server's 
entry point, thay way each request to the server includes a pre-authenticated 
principal. Siteminder assumes that all requests come to the server *first* 
so that it can redirect the browser to a login page as required. I don't 
think Siteminder is what you want for your rich-client project, and since 
Siteminder is usually backed by an LDAP server, you may wish to authenticate 
directly to that. I understand that Luke has been working hard on greatly 
improved LDAP code in, and since the last version.
 Scott

  
  
  From: Amad Fida [mailto:[EMAIL PROTECTED] 
  Sent: Saturday, January 21, 2006 5:19 PMTo: 
  acegisecurity-developer@lists.sourceforge.netSubject: Re: 
  [Acegisecurity-developer] SiteMinder Integeration with spring 
  richclient
  
  Thanks, Scott. I didn't realize that this could be such a 
  big problem. As rich client uses spring services to interact with server-side 
  and there is acegi authentication manager in place. And if there was some 
  SiteMinderAuthenticationProvider which can be plugged in here, wouldn't that 
  solve my problem?AmadScott McCrory 
  [EMAIL PROTECTED] wrote:
  
I've never seen Siteminder used to protect client-side apps because 
we've always used it as a server-side ISAPI filter or Apache 
module.I'd recommend first checking with Siteminder to see what 
their solutions are for rich client apps, then once you know the mechanism 
of how the user's identity is passed into your app, then you can figure out 
what kind of adapter is necessary.
Good luck!
Scott
Quoting Amad Fida [EMAIL PROTECTED]: All 
- We have spring rcp based app, which is deployed using Java 
Webstart.  In rich client case there is method level security and 
not the URL  filter based security. And we also have our own login 
dialog which we  present user at startup to 
authenticate. I am not sure how do we use SiteMinder 
authentication in this setup? One possibility is to 
protected the jnlp link and use the Siteminder  authentication 
filters but once authenticated how does the richclient  knows about 
that authentication to get authorization info? Any ideas or 
help will he greatly appreciated. 
Amad 
- Yahoo! Photos Ring in the 
New Year with Photo Calendars. Add photos, events,  holidays, 
whatever.
  
  
  Yahoo! Photos  Showcase holiday pictures in hardcoverPhoto 
  Books. You design it and well bind it!

Re: [Acegisecurity-developer] JSF Components for Acegi

2006-01-21 Thread Ben Alex 

Cagatay Civici wrote:


 http://www.jroller.com/page/cagataycivici

http://horde/services/go.php?url=http%3A%2F%2Fwww.jroller.com%2Fpage%2Fcagataycivici

Thanks for publishing this. I've added a link to it on the Acegi 
Security articles page.


Best regards
Ben


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] ACL for massive databases

2006-01-21 Thread Ben Alex 

David Medinets wrote:

I did some developmental work with ACL and large tables at a previous
company. However, I did not use ACEGI. I didn't know about ACEGI at
the time. Instead I used GUID values at keys with various entities
having various permissions to access specific GUiDs. I used
materialized views in Oracle to keep the query response time
managable.
  
I've also used views at a RDBMS level instead of relying on Acegi 
Security to ACL filter very large tables. However, the underlaying 
tables which the views used were structured so that I could also use 
them with an Acegi Security BasicAclDao implementation. This let me use 
the RDBMS where appropriate (large tables) and Acegi Security/Java for 
the rest (including managing the ACL entries in the table).


Cheers
Ben


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer