Hi /M ;),

yes, you have to reimplement your own security service by reusing the SecurityService interface.
The security service is treated as an ApplicationService in Spring. This means that these methods start the Spring transactions for you. I really recommend using declarative transactions, as the interfaces of Fulcrum force you to use checked exceptions (Spring's philosophy is to use checked exceptions only to represent business logic errors, not system failures). But with declarative transactions you use AOP to intercept the application service and the Data Access Object, and this allows you to use the checked exceptions forced by Fulcrum. In order to understand what I am talking about the whole time, read the Spring documentation. It's pretty good documentation:

http://www.springframework.org/docs/reference/orm.html#orm-hibernate
http://www.springframework.org/docs/reference/transaction.html
http://www.springframework.org/docs/reference/aop.html

On Saturday I had the chance to study the current Fulcrum SecurityService a bit, but I do not have the time to provide some configuration/code right now. As soon as I have time for this (I guess during this week), I will post the code to this list. Meanwhile we can share your ideas here.

Here is a sample of the DAO code I use to load, write and delete the User object.

    // Imports added for completeness. Hibernate 2.x (net.sf.hibernate) and Spring 1.x
    // (org.springframework.orm.hibernate) package names are assumed from the date of
    // this post. SentinelUser, SentinelGroup, SentinelRole, TurbineUser and UserDao are
    // the poster's own classes; their imports are not shown in the original.
    import java.util.List;

    import net.sf.hibernate.HibernateException;
    import net.sf.hibernate.Query;
    import net.sf.hibernate.Session;

    import org.apache.turbine.om.security.Group;
    import org.apache.turbine.om.security.Role;
    import org.apache.turbine.om.security.User;
    import org.springframework.orm.hibernate.SessionFactoryUtils;
    import org.springframework.orm.hibernate.support.HibernateDaoSupport;

    public class HibernateUserDao extends HibernateDaoSupport implements UserDao {

        /**
         * Creates a new dao.
         */
        public HibernateUserDao() {
        }

        /**
         * [EMAIL PROTECTED]
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#save(org.apache.turbine.om.security.User)
         */
        public void save(User user) {
            // allowCreate=false: a Session must already be bound to the current thread,
            // i.e. the DAO has to be called inside a Spring-managed transaction.
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            try {
                session.saveOrUpdate(user);
                session.flush();
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
        }

        /**
         * [EMAIL PROTECTED]
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#remove(org.apache.turbine.om.security.User)
         */
        public void remove(User user) {
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            SentinelUser sentinelUser = (SentinelUser) user;
            try {
                session.delete(user);
                session.flush();
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
        }

        /**
         * [EMAIL PROTECTED]
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#createNew(org.apache.turbine.om.security.User)
         */
        public void createNew(User user) {
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            SentinelUser sentinelUser = (SentinelUser) user;
            try {
                session.save(sentinelUser);
                session.flush();
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
        }

        /**
         * [EMAIL PROTECTED]
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#findByPrimaryKey(long)
         */
        public User findByPrimaryKey(long primaryKey) {
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            User user = null;
            try {
                user = (User) session.get(SentinelUser.class,
                        new Integer(new Long(primaryKey).intValue()));
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
            return user;
        }

        /**
         * [EMAIL PROTECTED]
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#findByLoginName(java.lang.String)
         */
        public User findByLoginName(String loginName) {
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            SentinelUser user = null;
            try {
                // Named query with a bound parameter; the login name is never concatenated.
                Query query = session.getNamedQuery("UserByLoginName");
                query.setString("name", loginName);
                user = (SentinelUser) query.uniqueResult();
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
            return user;
        }

        /**
         * [EMAIL PROTECTED]
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#findAll()
         */
        public List findAll() {
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            List users = null;
            try {
                Query query = session.createQuery("from " + SentinelUser.class.getName());
                query.setCacheable(true);
                query.setCacheRegion("TubineUsers");
                users = query.list();
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
            return users;
        }

        /*
         * (non-Javadoc)
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#revoke(org.apache.turbine.om.security.User,
         *      org.apache.turbine.om.security.Group,
         *      org.apache.turbine.om.security.Role)
         */
        public void revoke(User user, Group group, Role role) {
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            SentinelUser modelUser = (SentinelUser) user;
            SentinelGroup modelGroup = (SentinelGroup) group;
            SentinelRole modelRole = (SentinelRole) role;
            try {
                // Only touch the role set if the user is in the group and holds the role.
                if (modelGroup.getUsers().contains(user)) {
                    if (modelRole.getUsers().contains(user)) {
                        modelUser.getRoles().remove(role);
                        session.update(modelUser);
                        session.flush();
                    }
                }
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
        }

        /*
         * (non-Javadoc)
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#revokeAll(org.apache.turbine.om.security.User)
         */
        public void revokeAll(User user) {
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            SentinelUser model = (SentinelUser) user;
            try {
                if (model != null) {
                    model.getRoles().removeAll(model.getRoles());
                    session.update(user);
                    session.flush();
                }
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
        }

        /**
         * [EMAIL PROTECTED]
         *
         * @see innowake.turbine.sentinel.dataAccess.UserDao#findByPassword(java.lang.String,
         *      java.lang.String)
         */
        public User findByPassword(String loginName, String password) {
            Session session = SessionFactoryUtils.getSession(getSessionFactory(), false);
            User user = null;
            try {
                // The password argument is matched as-is against the stored column value.
                Query query = session.createQuery("FROM " + TurbineUser.class.getName()
                        + " AS user WHERE user.name = :name AND user.password = :password ");
                query.setParameter("name", loginName);
                query.setParameter("password", password);
                user = (User) query.uniqueResult();
            } catch (HibernateException e) {
                throw SessionFactoryUtils.convertHibernateAccessException(e);
            }
            return user;
        }
    }

My code currently does not throw any Fulcrum exceptions, so you have to throw the exceptions precisely if you don't want to hurt the Fulcrum contracts.

Have a nice day.

Bye
Toby

> -----Original Message-----
> From: ANSI Webmaster [mailto:[EMAIL PROTECTED]
> Sent: Friday, 18 June 2004 16:25
> To: 'Turbine Users List'
> Subject: RE: I need simple Access Control (Security) with Turbine
> without ACL's or Roles, how to do?
>
>
> Alright, I've been trying to go through the Turbine code to find where and
> how to change the DB from Torque to Hibernate. So far it seems that the only
> place where torque is called is:
>
> "services.SecurityService.user.manager=org.apache.fulcrum.security.impl.db.DBUserManager"...
>
> Now I've found a Hibernate implementation in Fulcrum at
> "org.apache.fulcrum.security.hibernate" - and I was wondering if I'm
> supposed to use that, and then hook Spring into it? Or do I have to rewrite
> everything in regards to Spring but still use the same interface?
>
> /M
>
> -----Original Message-----
> From: tobias rademacher [mailto:[EMAIL PROTECTED]
> Sent: 17 June 2004 09:13
> To: Turbine Users List
> Subject: AW: I need simple Access Control (Security) with Turbine
> without ACL's or Roles, how to do?
>
> Yes, it's recommended to use Spring as it simplifies balancing the resources
> (Hibernate Session) correctly and offers great support for transactions.
> And it works great!!! But of course you can use Hibernate without Spring.
>
> You can try to register the Fulcrum Avalon Services with the Spring
> Application Context, but from the Spring perspective this is what you need:
>
> 1) a DataAccessObject class and interface
> 2) register HibernateSessionFactory into the ApplicationContext
> 3) register the DAO into the ApplicationContext
> 4) provide an ApplicationServices interface and class which accesses the dao
> 5) add transaction support with templates or declaratively with Spring AOP
>
> Hibernate offers an Avalon Service which seems to be reused with c, but you
> don't have the great transactional support offered by Spring. I haven't
> looked into the services, so I cannot say if they spawn their own Hibernate
> transactions. Using Spring AOP it may be possible to wrap the Fulcrum Avalon
> Service with transactions, but I don't know how independent the Spring stuff is.
>
> Having said all of this, using Avalon or Spring is just a matter of taste.
> Fulcrum is Avalon based.
> So I guess you better write your own stuff if you would benefit from
> Spring's stuff.
>
> So I'm a Spring user, please ask the Avalon Knights - maybe they come up
> with a possible easier integration of both worlds.
>
> :-)
>
> Toby
>
> -----Original Message-----
> From: ANSI Webmaster [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 17 June 2004 08:55
> To: 'Turbine Users List'
> Subject: RE: I need simple Access Control (Security) with Turbine
> without ACL's or Roles, how to do?
>
>
> Alright, I'll work through it and see how it looks.
>
> I've heard a lot of muttering about that I should use the Spring framework
> for accessing hibernate. Do you have any experience on this, and if, how
> does this blend in to Fulcrum?
>
> /M
>
> -----Original Message-----
> From: Peter Courcoux [mailto:[EMAIL PROTECTED]
> Sent: 17 June 2004 00:00
> To: Turbine Users List
> Subject: RE: I need simple Access Control (Security) with Turbine
> without ACL's or Roles, how to do?
>
> It's been said before, and I know it's not ideal, but the best place to
> start looking at this is to go to http://zebra.tigris.org and look at
> the zebra-antelope web application. It uses turbine, and hibernate and
> fulcrum-security. Don't be put off by the zebra workflow references. The
> zebra engine is not yet embedded in the antelope example.
>
> I know that Zebra-Antelope does use a recent 2.4-dev build, but I
> believe that it is the best resource we currently have for seeing how to
> use Hibernate with Turbine. Also fulcrum-security does the job for which
> it was written, but it is not a complete 'out-of-the-box' solution.
> Again, this is probably the best resource we currently have for getting
> an implementation working which can then be customised to suit.
>
> Look at how the fulcrum-security stuff works. If I recall correctly the
> ACL interface in fulcrum-security is an empty interface, so I think you
> can do what you want with it. You may need to customise the
> AccessController, which builds the ACL, the LoginUser action and
> possibly a SessionValidator. All of these are pluggable by changing the
> default settings in TurbineResources.properties.
>
> Peter
>
>
> On Wed, 2004-06-16 at 22:09, ANSI Webmaster wrote:
> > Ok, I've been reading up like a crazed hippodrome on all the hibernate stuff,
> > and I'm also interested in where I can plug this into the Turbine ACL...
> > This was also part of why I wanted to use the new version in the CVS as it
> > said it had removed all the old Torque stuff.
> >
> > So where do I begin with this, what's a good place to start?
> >
> > /M
> >
> > -----Original Message-----
> > From: Eric Pugh [mailto:[EMAIL PROTECTED]
> > Sent: 10 June 2004 19:39
> > To: Turbine Users List
> > Subject: RE: I need simple Access Control (Security) with Turbine without
> > ACL's or Roles, how to do?
> >
> > You are right about needing to use the Adapter.. If you are using Fulcrum
> > Security through the older Turbine Security service which is what things
> > like the default session validators and rundata use to look things up.
> > However, if you have reimplemented any of these things (which is pretty
> > common) then you can just lookup the Fulcrum Security service directly like
> > any other avalon component and use methods..
> >
> > A typical example would be admin screens that need extended security
> > information. For an example of this, check out the Antelope example app
> > available from here: http://zebra.tigris.org
> >
> > Eric
> >
> > > -----Original Message-----
> > > From: Lester Ward [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, June 10, 2004 6:43 PM
> > > To: 'Turbine Users List'
> > > Subject: RE: I need simple Access Control (Security) with Turbine
> > > without ACL's or Roles, how to do?
> > >
> > >
> > > > If you use the Turbine adapter, you inherit a lot of that stuff,
> > > > but it runs in the 2.3 environment. If you use Fulcrum Security
> > > > directly, then all of that stuff is gone.
> > >
> > > I was under the impression that the only way to use Fulcrum Security with
> > > Turbine 2.3 was through the adaptor, but the statement above seems to imply
> > > otherwise. Could you elaborate? How does one not use the Turbine adaptor and
> > > still use Turbine?
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
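
The five steps listed in the quoted 17 June message, together with the declarative transactions recommended in the reply at the top of the thread, could be wired in a Spring 1.x bean file as follows. This is an added example, not configuration posted in the thread: the `example.security.*` class names, the mapping file, the JDBC settings, the `get*` method pattern and the Fulcrum exception names used in the rollback rules (taken from `org.apache.fulcrum.security.util`) are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <!-- JDBC settings are placeholders -->
  <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName"><value>org.hsqldb.jdbcDriver</value></property>
    <property name="url"><value>jdbc:hsqldb:mem:security</value></property>
    <property name="username"><value>sa</value></property>
    <property name="password"><value></value></property>
  </bean>

  <!-- Step 2: Hibernate SessionFactory (mapping file name is hypothetical) -->
  <bean id="sessionFactory" class="org.springframework.orm.hibernate.LocalSessionFactoryBean">
    <property name="dataSource"><ref bean="dataSource"/></property>
    <property name="mappingResources">
      <list><value>example/security/SentinelUser.hbm.xml</value></list>
    </property>
    <property name="hibernateProperties">
      <props><prop key="hibernate.dialect">net.sf.hibernate.dialect.HSQLDialect</prop></props>
    </property>
  </bean>

  <bean id="transactionManager" class="org.springframework.orm.hibernate.HibernateTransactionManager">
    <property name="sessionFactory"><ref bean="sessionFactory"/></property>
  </bean>

  <!-- Steps 1 and 3: the DAO, given the SessionFactory through HibernateDaoSupport -->
  <bean id="userDao" class="example.security.HibernateUserDao">
    <property name="sessionFactory"><ref bean="sessionFactory"/></property>
  </bean>

  <!-- Step 4: the application service (hypothetical SecurityService implementation) -->
  <bean id="securityServiceTarget" class="example.security.SpringSecurityService">
    <property name="userDao"><ref bean="userDao"/></property>
  </bean>

  <!-- Step 5: declarative transactions; "-Name" rolls back on that checked exception -->
  <bean id="securityService" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
    <property name="transactionManager"><ref bean="transactionManager"/></property>
    <property name="target"><ref bean="securityServiceTarget"/></property>
    <property name="transactionAttributes">
      <props>
        <prop key="get*">PROPAGATION_REQUIRED,readOnly</prop>
        <prop key="*">PROPAGATION_REQUIRED,-DataBackendException,-EntityExistsException,-UnknownEntityException</prop>
      </props>
    </property>
  </bean>
</beans>
```

Spring commits when a checked exception is thrown unless a rollback rule names it, so without the `-...` entries a grant or revoke that fails partway would commit its partial changes to the user's roles. The DAO shown in the message calls `getSession(..., false)`, so it only works when reached through the proxied `securityService` bean, which binds the Session to the thread.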
