cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hepabolu <>
Subject Re: CoWarp (was Re: svn commit: r232855...)
Date Wed, 17 Aug 2005 09:27:36 GMT
Leszek Gawron wrote:
> Acegi is a very robust framework. Although the author states it could be 
> used without Spring [1] he strongly encourages not to :). I quite got 
> the point when I implemented the first application context which just 
> secures a single method in a dummy business service:
> This is ONLY business method security. "Basic" acegi sample has 
> applicationContext.xml at least twice this big.
> Thing is: even if it's possible to use it without Spring it will be a 
> total hell to wrap everything as ECM components without Dependency 
> Injection.
> Still I would love to have a functionality that replaces ANT based 
> request URI expressions:

I'm not going to proclaim myself an expert in security 
matters/frameworks, but when I needed to add security (authorization 
rather than just authentication) to my application I had a look at Acegi 
too and found it too cumbersome too.

I came across XACML (by OASIS) [1] and it's implementation by Sun [2]. 
Priorities changed and I haven't looked into it further, but this at 
least doesn't rely on Spring. Maybe something to consider.

My POV on security (i.e. authorization) is:
- it should be easy to configure (XML config rather than code)
- it should be role-based, preferably supporting multiple roles 
(hierarchical and occasional, e.g. a person can be 'doctor' and 
'treating physician'. In his latter role he can see more information of 
the patient).
- it should allow me to "filter" data based on roles (e.g. 'doctor' sees 
less info than 'treating physician')
- it would be great if the roles could also be applied to the UI: when 
it is not possible to edit something the UI is adjusted (e.g. removal of 
'edit' button or different display of widget). I know the latter is 
highly dependent on the application, but there are common tasks that 
could be integrated in the framework.

Just my 2ct.

Bye, Helma


View raw message