Re: Access Control [was: Digging up a Session object from an EOGenericRecord]



  • Subject: Re: Access Control [was: Digging up a Session object from an EOGenericRecord]
  • From: Kieran Kelleher <email@hidden>
  • Date: Mon, 9 Mar 2009 16:45:20 -0400

Thanks for discussing, Chuck.

I am just wondering what others do and looking for ideas and/or standardization for current and future projects. Meanwhile, I found this useful NIST standards info on various forms of RBAC ...
http://csrc.nist.gov/groups/SNS/rbac/


Cheers, Kieran

On Mar 9, 2009, at 3:22 PM, Chuck Hill wrote:


On Mar 7, 2009, at 3:58 PM, Kieran Kelleher wrote:

I have been using Role-Based access control mixed with Privileges (on/off canViewThis, canEditThat, etc.), but I always get the feeling there are better ways to do this security stuff ... anyone care to share their user security strategies in terms of access to pages, parts of pages and objects in WebObjects apps?

Roles and Privileges are good. I add a SecurityAgent object to hold all of this for a user and to be the arbiter of access requests. The SecurityAgent gets set in the session when the user is authenticated. I also use permission names like ViewThis so that I can form these into bindings like @session.userCanViewThis. This gets passed to the SecurityAgent via KVC (actually, I use @userCanViewThis and get the page to pass it off to session). I also extend this with an optional EO so that after the SecurityAgent has verified the user has the Privilege, it can then delegate the final decision to the EO. This is useful where there are groups of users and you might have ViewThis but only on objects in your group.


Is that the sort of thing you were looking for?

Chuck

On Mar 7, 2009, at 12:48 PM, Mike Schrag wrote:

Well, wherever ... awake possibly, or whenever your auth code runs to check for ACLs at the top of each request.

_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden


-- Chuck Hill Senior Consultant / VP Development

Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects

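As an added illustration of the SecurityAgent design Chuck describes above (this is not code from the thread or from WebObjects), here is a plain-Java sketch: roles map to privilege names, a `userCan...` binding key is resolved to a privilege, and once the privilege check passes the target object gets the final say. `AccessDelegate`, `User`, `Document` and the role table are hypothetical stand-ins for the session, EO and KVC plumbing.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical stand-in for an EO: after the privilege check passes, the object gets the final say.
interface AccessDelegate {
    boolean permits(User user, String permission);
}
record User(String name, String group, Set<String> roles) {}
// A document that only members of the owning group may act on, whatever their privileges.
record Document(String title, String ownerGroup) implements AccessDelegate {
    public boolean permits(User user, String permission) {
        return ownerGroup.equals(user.group());
    }
}

// Holds the authenticated user's roles and arbitrates every access request (constructed role table).
final class SecurityAgent {
    private static final Map<String, Set<String>> ROLE_PRIVILEGES = Map.of(
            "Editor", Set.of("ViewThis", "EditThat"),
            "Viewer", Set.of("ViewThis"));
    private final User user;
    SecurityAgent(User user) { this.user = user; }
    // Coarse check: does any of the user's roles carry this privilege?
    boolean hasPrivilege(String permission) {
        return user.roles().stream()
                .anyMatch(r -> ROLE_PRIVILEGES.getOrDefault(r, Set.of()).contains(permission));
    }
    // Two-stage check: privilege first, then the target object decides; null means no object-level rule.
    boolean canAccess(String permission, AccessDelegate target) {
        return hasPrivilege(permission) && (target == null || target.permits(user, permission));
    }
    // Resolves a KVC-style binding key such as "userCanViewThis" to the privilege "ViewThis"; unknown keys deny.
    boolean valueForBindingKey(String key) {
        String prefix = "userCan";
        return key.startsWith(prefix) && key.length() > prefix.length()
                && hasPrivilege(key.substring(prefix.length()));
    }
    public static void main(String[] args) {
        User alice = new User("alice", "sales", Set.of("Viewer"));
        SecurityAgent agent = new SecurityAgent(alice);   // what the session would hold after login
        Document ours = new Document("Q1 forecast", "sales");
        Document theirs = new Document("Payroll", "finance");
        System.out.println(agent.valueForBindingKey("userCanViewThis")); // binding-style lookup
        System.out.println(agent.valueForBindingKey("userCanEditThat")); // Viewer role has no EditThat
        System.out.println(agent.canAccess("ViewThis", ours));            // same group as the document
        System.out.println(agent.canAccess("ViewThis", theirs));          // other group: the EO vetoes
    }
}
```

Both checks fail closed: a binding key that does not match a known privilege, or an object whose delegate objects, yields false rather than falling through to the role grant alone.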
  • Follow-Ups:
    • Re: Access Control [was: Digging up a Session object from an EOGenericRecord]
      • From: Riccardo De Menna <email@hidden>
  • References:
    • Digging up a Session object from an EOGenericRecord (From: Riccardo De Menna <email@hidden>)
    • Re: Digging up a Session object from an EOGenericRecord (From: Riccardo De Menna <email@hidden>)
    • Re: Digging up a Session object from an EOGenericRecord (From: Mike Schrag <email@hidden>)
    • Re: Digging up a Session object from an EOGenericRecord (From: Riccardo De Menna <email@hidden>)
    • Re: Digging up a Session object from an EOGenericRecord (From: Mike Schrag <email@hidden>)
    • Re: Digging up a Session object from an EOGenericRecord (From: Riccardo De Menna <email@hidden>)
    • Re: Digging up a Session object from an EOGenericRecord (From: Mike Schrag <email@hidden>)
    • Re: Digging up a Session object from an EOGenericRecord (From: Kieran Kelleher <email@hidden>)
    • Re: Digging up a Session object from an EOGenericRecord (From: Chuck Hill <email@hidden>)
