Re: Pattern Approach to User permissions?
- Subject: Re: Pattern Approach to User permissions?
- From: Anjo Krank <email@hidden>
- Date: Wed, 3 Mar 2004 07:01:29 +0100
- Xx-reply-to: email@hidden
David Neumann had presentations at every WWDC on WebObjects and
security and he implemented a reusable security framework as an example
for that. It is also based on java security "Principal", "Group" and
"Permission".
Here's one link to an older version I found while searching for
"webobjects security framework" in Google
http://www.geeklair.net/~dluke/wwdc2000/409/
On 03.03.2004 at 02:07, Arturo Pirez wrote:
On Mar 2, 2004, at 4:45 PM, Kieran Kelleher wrote:
I am trying to decide how best to incorporate user-based permissions
for selecting (viewing), inserting (adding), updating (editing) and
deleting EO's into my object model design.
I'm also wrestling/designing such a system. I've decided to pattern
mine after JAAS but beyond that I'm not certain how to proceed.
In JAAS you have a Subject toMany Principal toMany Permission. In
both your and my model that falls short in that we both want to manage
Resources. A Subject is, essentially, a collection of Principals.
Each Principal can be interpreted as a role of some sort (kind of like
group permissions). In the base JAAS model, a Permission includes a
kind of Resource class and an action that can be performed against it.
There are examples of how to extend JAAS to include resource
instance-based information. See this document over at IBM
http://www.ibm.com/developerworks/java/library/j-jaas/. In any case,
the JAAS arena may give you some ideas on how to proceed.
In my case, I'm not sure that I want the coupling between the
permissions model and my other models that you're thinking about. I
want my security framework to be reusable to other applications as
well. What I would like would be to use something like eogenerator to
create java.security.Guard-wrapped EOs. Does anyone know if it can be
modified to do so? Alternatively, make a subclass of EOGenericRecord
that overrides the validate methods to enforce permissioning. Then I
figure I'll need a permission/security oriented version of
WOComponentContent to wrap around things.
Thoughts?
----
WO in philadelphia - wanna cheesesteak with that?
Please visit webobjects.meetup.com.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
Cheers, Anjo
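
The JAAS-style model discussed in this thread (a Subject holding Principals, each granted Permissions, extended to individual resource instances and enforced through a java.security.Guard wrapper) can be sketched as follows. This is an added example, not code from the thread or from the framework mentioned above; `Role`, `EntityPermission`, `guardFor`, the "Invoice" names and the policy map are hypothetical, the record is a plain string standing in for an EO, and Java 16 or later is assumed.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
public class GuardedRecordDemo {
    // Hypothetical role principal; a Subject is a collection of these.
    record Role(String name) implements Principal { public String getName() { return name; } }
    // Hypothetical permission on one instance ("Invoice:42") or on all instances ("Invoice:*").
    static final class EntityPermission extends Permission {
        private final Set<String> actions;
        EntityPermission(String resource, String... actions) {
            super(resource);
            this.actions = new TreeSet<>(Arrays.asList(actions));
        }
        @Override public boolean implies(Permission p) {
            if (!(p instanceof EntityPermission other)) return false;
            String mine = getName(), theirs = other.getName();
            boolean resourceOk = mine.equals(theirs)
                || (mine.endsWith(":*") && theirs.startsWith(mine.substring(0, mine.length() - 1)));
            return resourceOk && actions.containsAll(other.actions);
        }
        @Override public String getActions() { return String.join(",", actions); }
        @Override public boolean equals(Object o) {
            return o instanceof EntityPermission e && getName().equals(e.getName()) && actions.equals(e.actions);
        }
        @Override public int hashCode() { return Objects.hash(getName(), actions); }
    }
    // Guard that passes only if a role of the subject holds a permission implying `required`.
    // Anything not explicitly granted is denied.
    static Guard guardFor(Subject s, Map<String, List<Permission>> policy, Permission required) {
        return obj -> {
            for (Principal p : s.getPrincipals())
                for (Permission granted : policy.getOrDefault(p.getName(), List.of()))
                    if (granted.implies(required)) return;
            throw new SecurityException("denied: " + required.getActions() + " on " + required.getName());
        };
    }
    public static void main(String[] args) {
        Map<String, List<Permission>> policy = Map.of("clerk", List.of( // constructed sample policy
            new EntityPermission("Invoice:*", "select"), new EntityPermission("Invoice:42", "update")));
        Subject user = new Subject();
        user.getPrincipals().add(new Role("clerk"));
        String[][] requests = {{"Invoice:42", "update"}, {"Invoice:7", "select"}, {"Invoice:7", "delete"}};
        for (String[] r : requests) {
            GuardedObject eo = new GuardedObject("record " + r[0],
                guardFor(user, policy, new EntityPermission(r[0], r[1])));
            try { System.out.println("allowed: " + eo.getObject()); }
            catch (SecurityException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

The permission and policy classes have no dependency on the object model, so the guard can be reused across applications; only the resource naming scheme ties it to a particular entity.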