Re: [Acegisecurity-developer] MSc thesis on middle tier security
Johan Andries wrote: One thing the integrated CAS SSO lacks is the fact that it limits the user to browser-only applications because the system uses HTTP redirects. At least, that's what I found out while reading the docs. So this is, AFAIK, an important reason why it would be interesting for other SSO systems to be integrated in acegi. There is currently a CAS 3.0 in development that while maintaining full CAS 2.0 protocol compatibility will support remoting the CAS protocol (either out of the box or through extension). In CVS (http://www.uportal.org/cgi-bin/viewcvs.cgi/cas3/) we have some code showing this (a warning that we are in the midst of a major refactoring so the code is currently in a state of flux and much of it is sitting on my PC ;-)). You can also learn more about CAS 3 on the CAS Wiki @ http://jasigch.princeton.edu:9000/display/CAS As Ben mentioned in an email, both Dmitriy and I are commiters for both projects so if there are any "CAS 3" clients, you can be sure Acegi will know what to do with them ;-) Currently however, the CAS 2.0 clients should be sufficient. Thanks Scott Battaglia Application Developer, New Technology Group Enterprise Systems and Services, Rutgers University v: 732.445.0097 | f: 732.445.5493 | [EMAIL PROTECTED] --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] MSc thesis on middle tier security
Johan Andries wrote: Vladimir Horev wrote: Hi all! Could you please explain me what lacks CAS that we need to write an additional single sign on system? In general, which features are you going to implement in near future? I mean, I have no strong preference, but I feel that a sample application is not sufficient for me. One thing the integrated CAS SSO lacks is the fact that it limits the user to browser-only applications because the system uses HTTP redirects. At least, that's what I found out while reading the docs. So this is, AFAIK, an important reason why it would be interesting for other SSO systems to be integrated in acegi. The "cas" mailing list contains various situations in which people have used CAS 2 with client-side applications. Indeed I am pretty sure I can recall some Acegi Security users using CAS integration from client-side apps as well. If you visit http://jasigch.princeton.edu:9000/display/CAS/CAS3+Design+and+Development you'll see the design work going on for CAS 3.0. Scott Battaglia and Dmitriy Kopylenko are committers on both the CAS 3 and Acegi Security projects, thus helping to ensure ongoing compatibility. You might be interested in emailing Scott and Dmitriy regarding opportunities to contribute to CAS 3.0. If Vladimir is still looking for an area for his thesis, I think there would probably be value focusing on some of the features mentioned earlier on this thread. Things like addressing ACL filtering with pagination, or ACL mutation of objects with Hibernate, would be of great value to many in the community and are part of practical "real world" security requirements of enterprise applications. Best regards Ben --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] MSc thesis on middle tier security
Vladimir Horev wrote: Hi all! Could you please explain me what lacks CAS that we need to write an additional single sign on system? In general, which features are you going to implement in near future? I mean, I have no strong preference, but I feel that a sample application is not sufficient for me. One thing the integrated CAS SSO lacks is the fact that it limits the user to browser-only applications because the system uses HTTP redirects. At least, that's what I found out while reading the docs. So this is, AFAIK, an important reason why it would be interesting for other SSO systems to be integrated in acegi. Regards, Johan --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] MSc thesis on middle tier security
Hi all! Could you please explain me what lacks CAS that we need to write an additional single sign on system? In general, which features are you going to implement in near future? I mean, I have no strong preference, but I feel that a sample application is not sufficient for me. Ben, a couple of days ago I've seen your posting where you mentioned that it is not difficult to use acegi security with struts framework. Is there any doc, I could have a look at about this? kindest regards, Vladimir. Hi Vladimir What exactly would you like to write? A sample application, an extension, something else? There's no shortage of extensions you could write to the security framework if that was your interest. Did you have a particular area you wanted to focus on? I sent an email to the list yesterday with some simple features we'd like to add, but there are also some more complex areas you might like to consider such as add additional single sign on systems, enabling client certificate authentication, and digitally signing change reports (in a browser window) etc. Best regards Ben --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] MSc Thesis on middle tier security
Hi all, I believe it was me who brought up the issue of paginating collection results. That issue along with everything else that is being discussed in this thread is of great interest to me because of the project we are using Acegi on will need to make use of all those functions. So if there is anything i can do to help with in this area, I would be happy to do so. I believe that code created for this purpose in the Acegi library will be invaluable to the open-source community for those who are looking to avoid re-inventing the wheel when it comes to filtering collections of secure objects. -tim On Dec 31, 2004, at 5:07 PM, Ben Alex wrote: Sergio Berna wrote: Andy, I agree that filtering the method response is a fascinating area. The only problem I have always found on filtering a method response is that it doesn't scale properly when performance is an issue. I'm particularly thinking on Collections here, where the full collection check for permissions would degrade performance on big enough collections. Maybe providing "intelligent" collections and Iterators that perform the security check when accessed could be a wiser approach for that area (like hibernate for lazy load modification). That would imply that a response from a method would be a proxy on the original object that enforces all the security restrictions specified. A generated object wrapper for collections and POJOs that enforces security would be an interesting extension. The necessary hook to add the wrapper is already provided via the AfterInvocationManager. An alternative approach would be to use AspectWerks, rather than something like CGLIB. The nice thing about AspectWerks is a suitable AbstractSecurityInterceptor subclass could also be written that enforces security on domain object instances. In terms of performance, I would never advocate running the existing ACL-based AfterInvocationProviders against large Collections, because not only is there a performance issue at a JVM level to iterate every Collection element, but far more importantly there is the JDBC cost of obtaining the AclEntry[]s from the AclManager. Whilst they do get cached, the AclEntry[]s obviously need to come from the database at some point. This Collection size issue reminds me of someone who was looking for a solution to paginating their Collection results, where the AfterInvocationManager may remove elements. They wanted to ensure the page size was always honoured, even if certain elements were removed due to security. A solution I think was suggested was to retrieve more elements than needed, knowing the AfterInvocationManager would likely remove some of them. I think an alternative was to use a utility class on the client-side, to recall the relevant method repeatedly until the required Collection size is received. A more elegant approach to this problem might be considered in any improvements to the existing AfterInvocationProviders, or any new implementations thereof. Ben --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] MSc Thesis on middle tier security
Sergio Berna wrote: Andy, I agree that filtering the method response is a fascinating area. The only problem I have always found on filtering a method response is that it doesn't scale properly when performance is an issue. I'm particularly thinking on Collections here, where the full collection check for permissions would degrade performance on big enough collections. Maybe providing "intelligent" collections and Iterators that perform the security check when accessed could be a wiser approach for that area (like hibernate for lazy load modification). That would imply that a response from a method would be a proxy on the original object that enforces all the security restrictions specified. A generated object wrapper for collections and POJOs that enforces security would be an interesting extension. The necessary hook to add the wrapper is already provided via the AfterInvocationManager. An alternative approach would be to use AspectWerks, rather than something like CGLIB. The nice thing about AspectWerks is a suitable AbstractSecurityInterceptor subclass could also be written that enforces security on domain object instances. In terms of performance, I would never advocate running the existing ACL-based AfterInvocationProviders against large Collections, because not only is there a performance issue at a JVM level to iterate every Collection element, but far more importantly there is the JDBC cost of obtaining the AclEntry[]s from the AclManager. Whilst they do get cached, the AclEntry[]s obviously need to come from the database at some point. This Collection size issue reminds me of someone who was looking for a solution to paginating their Collection results, where the AfterInvocationManager may remove elements. They wanted to ensure the page size was always honoured, even if certain elements were removed due to security. A solution I think was suggested was to retrieve more elements than needed, knowing the AfterInvocationManager would likely remove some of them. I think an alternative was to use a utility class on the client-side, to recall the relevant method repeatedly until the required Collection size is received. A more elegant approach to this problem might be considered in any improvements to the existing AfterInvocationProviders, or any new implementations thereof. Ben --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
RE: [Acegisecurity-developer] MSc Thesis on middle tier security
Andy, I agree that filtering the method response is a fascinating area. The only problem I have always found on filtering a method response is that it doesn't scale properly when performance is an issue. I'm particularly thinking on Collections here, where the full collection check for permissions would degrade performance on big enough collections. Maybe providing "intelligent" collections and Iterators that perform the security check when accessed could be a wiser approach for that area (like hibernate for lazy load modification). That would imply that a response from a method would be a proxy on the original object that enforces all the security restrictions specified. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Andy Depue Enviado el: viernes, 31 de diciembre de 2004 0:26 Para: acegisecurity-developer@lists.sourceforge.net Asunto: Re: [Acegisecurity-developer] MSc Thesis on middle tier security The new model object filtering is a fascinating area in my mind. One thing we've implemented (before Acegi had its own filtering) is the ability to filter down to the property level on an object. In other words, you can secure a specific property and if someone doesn't have clearance then the property will be cleared. This introduces all sorts of interesting problems in some scenarios. For example, in our case the value objects passed back and forth between clients and server side services double as our Hibernate data object model. In other words, we don't have separate value objects but instead use a single data object model for both data access and service invocation. This gets quite tricky when you combine it with property level filtering. Imagine a service method that returns a model object with several properties filtered out. The user then makes some changes to the object and sends it back in another service call to be updated. What the user sends back to the server is a partial object in that some of the properties are blank since they were secured from the client to begin with. If you persisted the object as-is, then Hibernate would blindly write those cleared property values back to the DB - very bad. Oh, and don't forget that some properties could be secured for a particular client so that they are read-only or even write-only. And don't forget to throw a security exception if the client tries to pass a value in a non-writeable field. And then there's recursive data structures to contend with... property values that are themselves collections of securable objects... and if you filtered a collection of securable objects from a property, and the client returns that object to the server to be updated, how do you determine if the client legitimately removed an object from the collection, or if the object was filtered due to security? You wouldn't want to have hibernate persist the collection as-is, or it would remove from the DB objects that were only filtered for security reasons. Fun stuff, eh? - Andy On Thursday 30 December 2004 01:49 pm, Vladimir Horev wrote: > Hello list! > > I'm planning to write a MSc thesis on the subject of business tier > security. My idea was to take part of some open source project (acegi) > and develop some component that I could use in my thesis. Could you > recommend me something on that? > > regards, Vladimir > > > --- > The SF.Net email is sponsored by: Beat the post-holiday blues > Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. > It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt > ___ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.6.7 - Release Date: 30/12/2004 smime.p7s Description: S/MIME cryptographic signature
Re: [Acegisecurity-developer] MSc Thesis on middle tier security
The new model object filtering is a fascinating area in my mind. One thing we've implemented (before Acegi had its own filtering) is the ability to filter down to the property level on an object. In other words, you can secure a specific property and if someone doesn't have clearance then the property will be cleared. This introduces all sorts of interesting problems in some scenarios. For example, in our case the value objects passed back and forth between clients and server side services double as our Hibernate data object model. In other words, we don't have separate value objects but instead use a single data object model for both data access and service invocation. This gets quite tricky when you combine it with property level filtering. Imagine a service method that returns a model object with several properties filtered out. The user then makes some changes to the object and sends it back in another service call to be updated. What the user sends back to the server is a partial object in that some of the properties are blank since they were secured from the client to begin with. If you persisted the object as-is, then Hibernate would blindly write those cleared property values back to the DB - very bad. Oh, and don't forget that some properties could be secured for a particular client so that they are read-only or even write-only. And don't forget to throw a security exception if the client tries to pass a value in a non-writeable field. And then there's recursive data structures to contend with... property values that are themselves collections of securable objects... and if you filtered a collection of securable objects from a property, and the client returns that object to the server to be updated, how do you determine if the client legitimately removed an object from the collection, or if the object was filtered due to security? You wouldn't want to have hibernate persist the collection as-is, or it would remove from the DB objects that were only filtered for security reasons. Fun stuff, eh? - Andy On Thursday 30 December 2004 01:49 pm, Vladimir Horev wrote: > Hello list! > > I'm planning to write a MSc thesis on the subject of business tier > security. My idea was to take part of some open source project (acegi) > and develop some component that I could use in my thesis. Could you > recommend me something on that? > > regards, Vladimir > > > --- > The SF.Net email is sponsored by: Beat the post-holiday blues > Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. > It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt > ___ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > Acegisecurity-developer@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] MSc Thesis on middle tier security
Vladimir Horev wrote: Hello list! I'm planning to write a MSc thesis on the subject of business tier security. My idea was to take part of some open source project (acegi) and develop some component that I could use in my thesis. Could you recommend me something on that? regards, Vladimir Hi Vladimir What exactly would you like to write? A sample application, an extension, something else? There's no shortage of extensions you could write to the security framework if that was your interest. Did you have a particular area you wanted to focus on? I sent an email to the list yesterday with some simple features we'd like to add, but there are also some more complex areas you might like to consider such as add additional single sign on systems, enabling client certificate authentication, and digitally signing change reports (in a browser window) etc. Best regards Ben --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] MSc Thesis on middle tier security
Hello list! I'm planning to write a MSc thesis on the subject of business tier security. My idea was to take part of some open source project (acegi) and develop some component that I could use in my thesis. Could you recommend me something on that? regards, Vladimir --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt ___ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer