Re: Digging up a Session object from an EOGenericRecord
- Subject: Re: Digging up a Session object from an EOGenericRecord
- From: Chuck Hill <email@hidden>
- Date: Mon, 9 Mar 2009 12:22:26 -0700
On Mar 7, 2009, at 3:58 PM, Kieran Kelleher wrote:
I have been using Role Based access control mixed with Privileges
(on/off canViewThis, canEditThat, etc.), but I always get the
feeling there are better ways to do this security stuff...
Anyone care to share their user security strategies in terms of
access to pages, parts of pages and objects in WebObjects apps?
Roles and Privileges are good. I add a SecurityAgent object to hold
all of this for a user and to be the arbiter of access requests. The
SecurityAgent gets set in the session when the user is authenticated.
I also use permission names like ViewThis so that I can form these
into bindings like @session.userCanViewThis. This gets passed to the
SecurityAgent via KVC (actually, I use @userCanViewThis and get the
page to pass it off to session). I also extend this with an optional
EO so that after the SecurityAgent has verified the user has the
Privilege, it can then delegate the final decision to the EO. This is
useful where there are groups of users and you might have ViewThis
but only on objects in your group.
Is that the sort of thing you were looking for?
Chuck
On Mar 7, 2009, at 12:48 PM, Mike Schrag wrote:
well, wherever ... awake possibly, or whenever your auth code runs
to check for ACLs at the top of each request.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems.
http://www.global-village.net/products/practical_webobjects
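As an added illustration of the SecurityAgent pattern Chuck describes (example code, not from this thread or from any WebObjects project): the agent holds the user's privilege names, resolves a "userCan<Privilege>" key the way a @session.userCanViewThis binding would, and hands the final per-object decision to an EO that opts in. The class and method names, the plain-Java stand-in for the KVC hook, and the group-ownership rule are all assumptions.

```java
import java.util.Collections;
import java.util.Set;

// Hypothetical names, not from the thread: SecurityAgent, ObjectAccessDelegate, GroupRecord.
public class SecurityAgent {
    // An EO that wants the final say on a per-object basis implements this.
    public interface ObjectAccessDelegate {
        boolean permits(String privilege, SecurityAgent agent);
    }

    private static final String PREFIX = "userCan";
    private final String groupId;
    private final Set<String> privileges;   // e.g. "ViewThis", "EditThat"

    public SecurityAgent(String groupId, Set<String> privileges) {
        this.groupId = groupId;
        this.privileges = Collections.unmodifiableSet(privileges);
    }

    public String groupId() { return groupId; }

    // First gate: does the user's role grant the named privilege at all?
    public boolean hasPrivilege(String privilege) {
        return privileges.contains(privilege);
    }

    // Second gate: the privilege must be held AND the EO, if it has an opinion, must agree.
    public boolean can(String privilege, Object eo) {
        if (!hasPrivilege(privilege)) return false;   // deny by default
        if (eo instanceof ObjectAccessDelegate) {
            return ((ObjectAccessDelegate) eo).permits(privilege, this);
        }
        return true;
    }

    // Plain-Java stand-in for the KVC hook: a binding like @session.userCanViewThis
    // resolves to can("ViewThis", null). In a WO app this would sit in the unbound-key handler.
    public Object valueForKey(String key) {
        if (key.startsWith(PREFIX) && key.length() > PREFIX.length()) {
            return Boolean.valueOf(can(key.substring(PREFIX.length()), null));
        }
        throw new IllegalArgumentException("Unknown key: " + key);
    }

    // Example EO (constructed): grants the privilege only to agents in the owning group.
    public static class GroupRecord implements ObjectAccessDelegate {
        private final String ownerGroupId;
        public GroupRecord(String ownerGroupId) { this.ownerGroupId = ownerGroupId; }
        public boolean permits(String privilege, SecurityAgent agent) {
            return ownerGroupId.equals(agent.groupId());
        }
    }
}
```

With an agent holding {"ViewThis"} in group "A", `can("ViewThis", new GroupRecord("A"))` is true, `can("ViewThis", new GroupRecord("B"))` is false, and `valueForKey("userCanEditThat")` is false because the privilege is never granted in the first place.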