A subject is the root/ abstract entity for a user, principals are
views or identities of a subject
Well I'm glad we all agree on that one :)
However as Eelco said a principal can be much more than just a role.
So i am a little reluctant to rename Principal to Role.
If i wanted to i could
Neither am i :) And you could be right about me misusing the
principal, but using the actions of a permission for read write and
then logically separating permissions with read from permissions with
write in different principals does not seem like stretch to me.
Maurice
On 6/29/07, craigdd
take maurice's post and substitute word permission for word principal,
define user/principal as an object that has a set of permissions, and it
makes perfect sense.
-igor
On 6/28/07, craigdd [EMAIL PROTECTED] wrote:
I understand what you are saying and I see how you have accomplished
Actually that is already how they work. Even though the Principal
class does not have methods for getting and setting the Permissions.
The mapping is done in the policy file like this.
grant principal ${RechtenSet} PageA.read
{
//read permission for all of page A
permission
Just my two cents but I think the API should change, or I guess not really
the API but the implementation(swarm) to better reflect industry naming
standards which will hopefully cut down on the confusion and hopefully make
it a little easier to integrate other security frameworks.
I use acegi as
I am open to suggestions for alternate names, or if someone could
point me to the naming standards :)
Right now swarm operates the following way: A user is associated with
1 or more Subjects, each Subject has 0 or more Principals. Each
Principal is mapped to 1 or more Permissions.
Each Permission
The way it sounds is that principal should really be renamed to role. Roles
typically have 0 or more permissions.
Although if you consider the hive as a mapping of roles to permissions then
you are really back to what I said earlier where swarm is handy if your
application pre-defines the roles
Right now swarm operates the following way: A user is associated with
1 or more Subjects, each Subject has 0 or more Principals.
This sounds right to me, and is like how JAAS works.
A subject is the root/ abstract entity for a user, principals are
views or identities of a subject and in JAAS
A subject is the root/ abstract entity for a user, principals are
views or identities of a subject and in JAAS you would represent a
role as a principal.
I agree with your statement which leads me to the fact that the principal
should really be a role in swarm and the hive file is a mapping
I've had a pretty good look at wicket security but the conclusion that I've
come to with that is it only supports the fact that you have pre defined
roles within your application.
I'm currently working on a multi tenant web application where the
application provided a set of permission, such and
By the way, I'm not saying wicket security is bad, other than my example I
think it is a well put together framework that beats the hell out of using
JAAS.
Thanks, i appreciate that :)
I've had a pretty good look at wicket security but the conclusion that I've
come to with that is it only
I understand what you are saying and I see how you have accomplished
something similar to what I'm trying to do, however it seems to me that you
are miss using the concept of a Principal. I'm not a security expert but a
principal seems to point to an individual and not with something called
Is wicket security based only on role based authorization or could it somehow
be used with a more traditional ACL type of file / logic.
-Craig
--
View this message in context:
http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024
Sent from the Wicket - User mailing list
Any strategy you like. Check out IAuthorizationStrategy.
Eelco
On 6/21/07, craigdd [EMAIL PROTECTED] wrote:
Is wicket security based only on role based authorization or could it somehow
be used with a more traditional ACL type of file / logic.
-Craig
--
View this message in context:
If you mean java Jaas like acl than swarm is what you are looking for.
Optionally if you really want to use jaas and not some look alike i
made up you could practically copy swarm and replace most objects with
there jaas counterparts.
However i chose not to use jaas because we are using that in
15 matches
Mail list logo