Hi Ralph,

I am planning to use Acegi for authentication and authorization in a
ULC/Spring based project.
We will use Acegi for the authentication (DB based, implementing the
UserDetailsService and UserDetails interfaces).
For the runtime authorization check we will distinguish between the
business logic function check and the user interface
visibility/editability check.

1. For the former we will still use the Acegi facilities, because,
using Spring, this will allow us to exploit the available
MethodSecurityInterceptor object, which allows us to specify the check
declaratively. If you need it, I can send you a very simple example.

2. For the second one we need to grant an authorisation for each
widget. So each widget needs a "checker" functionality that allows
it to be visible (setVisible()) or to be editable (setEditable()).
This checker functionality needs to be implemented for each widget
class. If you are working in a Spring based environment, you can make
use of the available aspect oriented programming facilities. You
should be able to add a mixin class to each widget class you need to
check. The mixin class can be added declaratively, or within a
factory method.

Here is an example with a factory method, where a ULCButton is
enhanced with a SecuredULCComponentMixin and its check method is called:
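
    // Imports needed by this method (Spring AOP and ULC):
    import org.springframework.aop.framework.ProxyFactory;
    import org.springframework.aop.support.DefaultIntroductionAdvisor;
    import com.ulcjava.base.application.ULCButton;

    public static ULCButton createNewButton(String caption, IRightsChecker checker) {
        // Advisor that introduces the SecuredULCComponentMixin on the proxy
        DefaultIntroductionAdvisor introductionAdvisor =
                new DefaultIntroductionAdvisor(new SecuredULCComponentMixin());
        ProxyFactory mixinFactory = new ProxyFactory();
        mixinFactory.setTarget(new ULCButton(caption)); // enhance a normal ULCButton
        mixinFactory.addAdvisor(introductionAdvisor);
        mixinFactory.setOptimize(true);
        ULCButton buttonProxy = (ULCButton) mixinFactory.getProxy();
        // The proxy also implements ISecuredULCComponent through the mixin
        ((ISecuredULCComponent) buttonProxy).setChecker(checker);
        ((ISecuredULCComponent) buttonProxy).checkRights();
        return buttonProxy;
    }
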
I can give you more information on this, but consider that we are not
so far along in the implementation, because we are currently working on
some more urgent functionality.

I hope it helps.

Best regards,
Sandro
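
The widget-level check described in point 2, as an added example that is not part of the original mail or the poster's project: it uses the JDK's java.lang.reflect.Proxy in place of Spring's ProxyFactory, and Widget, RightsChecker, SecuredComponent, Rights and TextField are hypothetical stand-ins for the ULC and project types. It goes one step beyond the factory method by denying when no checker is set and by re-applying the check on later setVisible()/setEditable() calls (the record needs Java 16+).

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;

public class SecuredWidgetDemo {
    // Hypothetical stand-ins: Widget for a ULC component, RightsChecker and
    // SecuredComponent for the mail's IRightsChecker / ISecuredULCComponent.
    interface Widget {
        void setVisible(boolean v);  boolean isVisible();
        void setEditable(boolean e); boolean isEditable();
    }
    interface RightsChecker { boolean mayView(); boolean mayEdit(); }
    interface SecuredComponent { void setChecker(RightsChecker c); void checkRights(); }
    record Rights(boolean mayView, boolean mayEdit) implements RightsChecker {}

    static class TextField implements Widget {
        private boolean visible = true, editable = true;
        public void setVisible(boolean v)  { visible = v; }
        public boolean isVisible()         { return visible; }
        public void setEditable(boolean e) { editable = e; }
        public boolean isEditable()        { return editable; }
    }
    /** Wraps target in a proxy that adds SecuredComponent and guards the setters. */
    static Widget secure(Widget target) {
        RightsChecker[] checker = { null };   // no checker installed yet: deny all
        InvocationHandler h = (proxy, m, args) -> {
            if (m.getName().equals("setChecker")) {
                checker[0] = (RightsChecker) args[0];
                return null;
            }
            boolean view = checker[0] != null && checker[0].mayView();
            boolean edit = view && checker[0].mayEdit();
            switch (m.getName()) {
                case "checkRights": target.setVisible(view); target.setEditable(edit); return null;
                case "setVisible":  target.setVisible(view && (Boolean) args[0]); return null;
                case "setEditable": target.setEditable(edit && (Boolean) args[0]); return null;
                default:            return m.invoke(target, args);
            }
        };
        return (Widget) Proxy.newProxyInstance(Widget.class.getClassLoader(),
                new Class<?>[] { Widget.class, SecuredComponent.class }, h);
    }

    public static void main(String[] argv) {
        Widget field = secure(new TextField());
        SecuredComponent secured = (SecuredComponent) field;
        secured.setChecker(new Rights(true, false));  // constructed read-only user
        secured.checkRights();
        field.setEditable(true);   // later UI code asks to re-enable editing
        System.out.println("visible=" + field.isVisible() + " editable=" + field.isEditable());
    }
}
```

Hiding or locking a widget only controls presentation; the business method behind it still needs the declarative check from point 1.
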
On Mar 21, 2007, at 11:57 AM, [EMAIL PROTECTED] wrote:
Hi ULC-Developers,

we are thinking about an authentication and authorization
system for our ULC applications.
We would like to use CMA (container managed authorization).
The range of products is between JAAS, ACEGI or Struts-based.
But all these security systems need the definition of a URL to
arrange which parts of the application are accessible by a specific
user (e.g. /foo/bar.jsp, /foo/admin/bar.do).
Is it possible to use CMA for a ULC application? Finally ULC is an
HTTP based web application.
The alternative would be programmatic authorization!
Are there some experiences in using e.g. the Spring Acegi (or
alternatively JAAS) Security System with ULC?

Thanks for all hints!!

Mit freundlichen Grüßen/ Best Regards/Sincères Salutations
Ralph Weyers
DACHSER GmbH&Co.KG
HN Kempten/IT-Zentrale
Softwareentwicklung
_______________________________________________
ULC-developer mailing list
[email protected]
http://lists.canoo.com/mailman/listinfo/ulc-developer