T5: access control (again)

Sat, 05 Jan 2008 15:39:48 -0800

Dear list - specifically all those having successful access control implementations,
I'd like to poll you for how you did it. Not so much the action of authentication, but more so how access is monitored and restricted. This is a well-known problem in general, but I've yet to see a satisfactory and pluggable implementation. First, the basic details: 


A user can have one or more roles, and roles determine what that user 
can and can't do/see/access. As I said, this is a well-known problem and 
there's even an existing library for the task: tapestry-acegi.



The good thing about tapestry-acegi is its 2 simple components. The make 
perfect sense and make integration feel smooth and water-tight (ie, not 
leaky). The bad things are:
1) The documentation is basically non-existent and I have no idea how to 
get it set up. Using the components is a no brainer - its the 
infrastructure that loses me.
2) It requires foreknowledge of acegi. Ok, so I checked out those docs, 
which led me to:
3) Acegi docs explicitly state that knowledge of spring is required, so 
you must first know (or learn) that.



That's where I draw the line. If you've read many posts from me, you may 
know that while I've been developing in Java for about 6 years I've 
specifically avoided using it for web because I've never felt it "had it 
together." Yes its capable, but its been overly complex and fragmented. 
Yes there are open source options but none of them, including struts and 
spring, have been enough to convince me that investing my time in 
learning them was worth it. This changed when I started toying with 
tapestry and its perspective of development (so this probably includes 
wicket, web objects, and prado).



I'm not bashing tapestry-acegi by any means. In fact I commend, thank, 
and cite in code the project as I used the idea of the IfLoggedIn 
component. It's both simple and elegant - but it requires knowledge that 
I don't have am not convinced is worth my having.



So... what are any of you other ambitious T5ers using for this? Packaged 
tools? Home grown? I'm home growing one at the moment (specific to a 
project) and would love to share, but I want to know what anyone else is 
doing to solve this classic problem.


sincerely,
chris

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to