I am open to suggestions for alternate names, or if someone could point me to the naming standards :)
Right now swarm operates the following way: A user is associated with 1 or more Subjects, each Subject has 0 or more Principals. Each Principal is mapped to 1 or more Permissions. Each Permission has 0 or more Actions. Permissions and actions are named pretty straight forward i think. Maurice On 6/29/07, craigdd <[EMAIL PROTECTED]> wrote: > > Just my two cents but I think the API should change, or I guess not really > the API but the implementation(swarm) to better reflect industry naming > standards which will hopefully cut down on the confusion and hopefully make > it a little easier to integrate other security frameworks. > > I use acegi as an example, they have an Authentication object that has a > method "getPrincipal" which if you read their javadoc makes it pretty clear > that an authenticated entity has one principal, which also seems to fit with > JAAS. > > -Craig > > > Mr Mean wrote: > > > > Neither am i :) And you could be right about me misusing the > > principal, but using the actions of a permission for read write and > > then logically separating permissions with read from permissions with > > write in different principals does not seem like stretch to me. > > > > Maurice > > > > On 6/29/07, craigdd <[EMAIL PROTECTED]> wrote: > >> > >> I understand what you are saying and I see how you have accomplished > >> something similar to what I'm trying to do, however it seems to me that > >> you > >> are miss using the concept of a Principal. I'm not a security expert but > >> a > >> principal seems to point to an individual and not with something called > >> write. Write fits a little better into the concepts of ACL. > >> > >> -Craig > >> > >> > >> Mr Mean wrote: > >> > > >> >> By the way, I'm not saying wicket security is bad, other than my > >> example > >> >> I > >> >> think it is a well put together framework that beats the hell out of > >> >> using > >> >> JAAS. > >> > > >> > Thanks, i appreciate that :) > >> > > >> >> I've had a pretty good look at wicket security but the conclusion that > >> >> I've > >> >> come to with that is it only supports the fact that you have pre > >> defined > >> >> roles within your application. > >> >> > >> > > >> > Well i am not saying it is impossible to declare and add new > >> > permissions / principals at runtime but i think it is generally > >> > undesirable to do so. Instead you should make your principals fine > >> > grained enough to be used as building blocks for roles. > >> > > >> >> I'm currently working on a multi tenant web application where the > >> >> application provided a set of permission, such and read / write access > >> to > >> >> an > >> >> object and each tenant in the application defines their own role > >> heirachy > >> >> based on those permissions. > >> > > >> > This is exactly what we are doing in our application. We have > >> > literally +- 1000 principals defined in our system. By allowing the > >> > users to group principals together they can build there own roles. We > >> > have multiple organizations in our application and each of them can > >> > completely redesign there user roles in the system (well only up to a > >> > point because we could not allow that, but that aside they could). We > >> > provide each organization with a set of default roles as we think will > >> > suit most of them but they are completely free to alter/ rename/ > >> > delete/ whatever do with those roles because we do not depend on the > >> > roles but on the underlying principals, which are controlled by us. A > >> > big help is the fact that we made our principals imply each other > >> > (write implies read, etc) So when a user designs there roles they > >> > don't have to check read access to page A and write access to page A > >> > but can suffice with write access to page A. Although most of our > >> > principals handle a couple of related pages we also have principals > >> > going as deep as individual components. For instance we have a large > >> > data grid, the principals are fine grained enough to give you read or > >> > write access up to the individual cell. > >> > > >> > Correct me if i am wrong but this seems to be what you want too. > >> > > >> > Maurice > >> > > >> > > >> > On 6/28/07, craigdd <[EMAIL PROTECTED]> wrote: > >> >> > >> >> I've had a pretty good look at wicket security but the conclusion that > >> >> I've > >> >> come to with that is it only supports the fact that you have pre > >> defined > >> >> roles within your application. > >> >> > >> >> I'm currently working on a multi tenant web application where the > >> >> application provided a set of permission, such and read / write access > >> to > >> >> an > >> >> object and each tenant in the application defines their own role > >> heirachy > >> >> based on those permissions. > >> >> > >> >> We are currently using acegi and I'm trying to figure out the best way > >> to > >> >> bake acl into wicket's components. Example, a link is set to > >> invisible > >> >> if > >> >> the authenticated use doesn't contain a role with the given permission > >> of > >> >> that link. So lets say the link is to delete an object, the user must > >> >> have > >> >> a role with the permission to delete that object or the link will not > >> >> show > >> >> on the page. > >> >> > >> >> By the way, I'm not saying wicket security is bad, other than my > >> example > >> >> I > >> >> think it is a well put together framework that beats the hell out of > >> >> using > >> >> JAAS. > >> >> > >> >> -Craig > >> >> > >> >> > >> >> Mr Mean wrote: > >> >> > > >> >> > If you mean java Jaas like acl than swarm is what you are looking > >> for. > >> >> > Optionally if you really want to use jaas and not some look alike i > >> >> > made up you could practically copy swarm and replace most objects > >> with > >> >> > there jaas counterparts. > >> >> > However i chose not to use jaas because we are using that in one of > >> >> > our projects right now and although it works it is less than optimal > >> >> > :) As soon as we make the switch to wicket 1.3.0 jaas will be > >> replaced > >> >> > by swarm. > >> >> > > >> >> > You can also check out the example project here > >> >> > > >> >> > >> https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicket-security-examples > >> >> > > >> >> > > >> >> > Maurice > >> >> > > >> >> > On 6/21/07, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > >> >> >> wicket's security model is completely generic > >> >> >> > >> >> >> see IAuthorizationStrategy - it is very abstract and thus can be > >> used > >> >> to > >> >> >> implement any kind of authorization > >> >> >> > >> >> >> wicket-auth is just an example that implements basic role-based > >> model > >> >> >> > >> >> >> see wicket-stuff wasp and swarm projects > >> >> >> > >> >> >> http://wicketstuff.org/confluence/display/STUFFWIKI/Wicket-Security > >> >> >> > >> >> >> -igor > >> >> >> > >> >> >> > >> >> >> On 6/21/07, craigdd <[EMAIL PROTECTED]> wrote: > >> >> >> > > >> >> >> > Is wicket security based only on role based authorization or > >> could > >> >> it > >> >> >> somehow > >> >> >> > be used with a more traditional ACL type of file / logic. > >> >> >> > > >> >> >> > -Craig > >> >> >> > -- > >> >> >> > View this message in context: > >> >> >> > >> >> > >> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11239024 > >> >> >> > Sent from the Wicket - User mailing list archive at Nabble.com. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > >> >> > >> ------------------------------------------------------------------------- > >> >> >> > This SF.net email is sponsored by DB2 Express > >> >> >> > Download DB2 Express C - the FREE version of DB2 express and take > >> >> >> > control of your XML. No limits. Just data. Click to get it now. > >> >> >> > http://sourceforge.net/powerbar/db2/ > >> >> >> > _______________________________________________ > >> >> >> > Wicket-user mailing list > >> >> >> > Wicket-user@lists.sourceforge.net > >> >> >> > https://lists.sourceforge.net/lists/listinfo/wicket-user > >> >> >> > > >> >> >> > >> >> >> > >> >> >> > >> >> > >> ------------------------------------------------------------------------- > >> >> >> This SF.net email is sponsored by DB2 Express > >> >> >> Download DB2 Express C - the FREE version of DB2 express and take > >> >> >> control of your XML. No limits. Just data. Click to get it now. > >> >> >> http://sourceforge.net/powerbar/db2/ > >> >> >> _______________________________________________ > >> >> >> Wicket-user mailing list > >> >> >> Wicket-user@lists.sourceforge.net > >> >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user > >> >> >> > >> >> >> > >> >> > > >> >> > > >> >> > >> ------------------------------------------------------------------------- > >> >> > This SF.net email is sponsored by DB2 Express > >> >> > Download DB2 Express C - the FREE version of DB2 express and take > >> >> > control of your XML. No limits. Just data. Click to get it now. > >> >> > http://sourceforge.net/powerbar/db2/ > >> >> > _______________________________________________ > >> >> > Wicket-user mailing list > >> >> > Wicket-user@lists.sourceforge.net > >> >> > https://lists.sourceforge.net/lists/listinfo/wicket-user > >> >> > > >> >> > > >> >> > >> >> -- > >> >> View this message in context: > >> >> > >> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11350022 > >> >> Sent from the Wicket - User mailing list archive at Nabble.com. > >> >> > >> >> > >> >> > >> ------------------------------------------------------------------------- > >> >> This SF.net email is sponsored by DB2 Express > >> >> Download DB2 Express C - the FREE version of DB2 express and take > >> >> control of your XML. No limits. Just data. Click to get it now. > >> >> http://sourceforge.net/powerbar/db2/ > >> >> _______________________________________________ > >> >> Wicket-user mailing list > >> >> Wicket-user@lists.sourceforge.net > >> >> https://lists.sourceforge.net/lists/listinfo/wicket-user > >> >> > >> > > >> > > >> ------------------------------------------------------------------------- > >> > This SF.net email is sponsored by DB2 Express > >> > Download DB2 Express C - the FREE version of DB2 express and take > >> > control of your XML. No limits. Just data. Click to get it now. > >> > http://sourceforge.net/powerbar/db2/ > >> > _______________________________________________ > >> > Wicket-user mailing list > >> > Wicket-user@lists.sourceforge.net > >> > https://lists.sourceforge.net/lists/listinfo/wicket-user > >> > > >> > > >> > >> -- > >> View this message in context: > >> http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11352386 > >> Sent from the Wicket - User mailing list archive at Nabble.com. > >> > >> > >> ------------------------------------------------------------------------- > >> This SF.net email is sponsored by DB2 Express > >> Download DB2 Express C - the FREE version of DB2 express and take > >> control of your XML. No limits. Just data. Click to get it now. > >> http://sourceforge.net/powerbar/db2/ > >> _______________________________________________ > >> Wicket-user mailing list > >> Wicket-user@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/wicket-user > >> > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Wicket-user mailing list > > Wicket-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wicket-user > > > > > > -- > View this message in context: > http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11360562 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
