While working on CMS, I had a look at Acegi and found it really simple and nice. So I decided to begin testing with it before going deeper into JAAS...
Since JFacets and Acegi are both fully Spring-based, integration has been pretty easy and makes sense! A single component can be used to implement both the ProfileRepository and the UserDetailsService, and both flat and hierarchical roles can be handled.
I've checked a new JFacets2-acegi module into CVS (an Eclipse project) and added a page to the wiki.
Check it out!
Monday, September 18, 2006
Saturday, September 16, 2006
Container Managed Security part 2 : exploring users and roles
I've gone through the JAAS docs again, and apparently there is no standard API for exploring the users and roles "database" :-/
This is similar with Acegi... You can, from a user principal, get a list of "roles" (bottom-up), but you can't get a list of all roles, get all the users in a given role, etc. (I have posted a question on the Acegi forum but got no answer).
Last but not least, realms have to be configured at the App Server level, so the configuration is not portable from one container to another...
All this just sucks! Not only is the roles/users structure flat, but you also can't get the information in a standard way!
Man, maybe I should propose the Profile Repository concept to the JCP ;-P
So, to use facets with CMS, one has to implement a specific Profile Repository from scratch that relies on its own stuff...
Today I'll try to work on a base class that already implements most of the stuff for managing Users and Roles, with a higher abstraction level than the base IProfileRepository interface. This should allow easier implementation of the Profile Repository.
This base class will be used for testing with regular CMS (e.g. JAAS Login Module in Tomcat) and Acegi (custom UserDetailsService).
If testing is successful, I'll include the CMS stuff in 1.3.
Friday, September 15, 2006
Container Managed Security part 1 : authentication
It's no secret, J2EE webapps can (and should) rely on Container Managed Security (CMS) in order to perform authentication and authorization.
From anywhere in the application, you are able to retrieve the user name :
String userName = request.getRemoteUser();
In typical WebFacets applications, the user profiles are identified by the user's login name... see where we're going? We could use this user name in order to use facets...
A utility class could be used to retrieve the current user's profile, something like:
    // profileRepository is the application's IProfileRepository instance
    public IProfile getCMSProfile(HttpServletRequest request) {
        // getRemoteUser() returns null when the request is not authenticated
        String userName = request.getRemoteUser();
        if (userName == null)
            return null;
        else
            return profileRepository.getProfileById(userName);
    }
And we could also have a filter that automatically loads the profile, for each incoming request.
Here it is for the authentication part. Next to come : mapping the CMS roles to profiles...
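A sketch of the filter mentioned above, added here as an example (it is not code from the original post or from JFacets). The `IProfile` and `IProfileRepository` declarations are minimal stand-ins for the JFacets types, and the class name, attribute name and setter are assumptions; only `getProfileById` and `getRemoteUser` appear in the post.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

// Stand-ins (assumptions) for the JFacets types named in the post.
interface IProfile { }
interface IProfileRepository { IProfile getProfileById(String id); }

public class CmsProfileFilter implements Filter {

    // Hypothetical attribute name under which the profile is exposed.
    public static final String PROFILE_ATTR = "cms.currentProfile";

    private IProfileRepository profileRepository;

    // Assumed to be injected (e.g. by Spring) before the filter handles requests.
    public void setProfileRepository(IProfileRepository profileRepository) {
        this.profileRepository = profileRepository;
    }

    public void init(FilterConfig config) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // The identity comes only from the container's authentication,
            // never from a request parameter, header or cookie.
            String userName = ((HttpServletRequest) req).getRemoteUser();
            if (userName != null) {
                IProfile profile = profileRepository.getProfileById(userName);
                // An authenticated user with no matching profile gets no attribute.
                if (profile != null) {
                    // Request scope: the lookup is redone on every request,
                    // so nothing survives a logout or a change of user.
                    req.setAttribute(PROFILE_ATTR, profile);
                }
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }

    // Returns null for unauthenticated requests and for users without a profile.
    public static IProfile currentProfile(ServletRequest req) {
        return (IProfile) req.getAttribute(PROFILE_ATTR);
    }
}
```

Callers should treat a null result from `currentProfile` as "no profile" and deny by default rather than fall back to some shared profile.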
Blog Opened
I've decided to set up this blog in order to broadcast some info about my work with (and on) the framework.
More to come soon...
Have fun