directory-dev mailing list archives

From Richard Wallace <>
Subject Re: [authx] Help with complicated authorization
Date Fri, 17 Jun 2005 20:44:28 GMT
Alex Karasulu wrote:

> Richard Wallace wrote:
>> Anyways, I'm trying to figure out how to do authorization.  
>> Authentication is pretty simple I think, but the authorization is 
>> pretty complex.  Instead of a user having or not having permission to 
>> access a page (container webapp security) or having or not having 
>> permissions to run certain actions (JAAS), we need finer grained 
>> permissions based on objects and the user's relationship to the object.
> Aye I think this was the reason why we started authx.
>> What we have is basically a project and task management tool for our 
>> organization.
> [Off Topic]
> I'd stick to good old JIRA for that if I were you.  Perhaps you can 
> work with customized workflows using their permission schemes in JIRA 
> and Confluence?  It would get you there faster and the Atlassian guys 
> have the product down in terms of user interfaces.  It costs 
> practically nothing to get an Enterprise License ... like 3-4K.  
> Development time would cost much more.

Well, it's a little more industry specific I think.  It's more than just 
a project and task manager too, I just wanted to get the basic idea across.

>> I'm wondering how I might implement this with AuthX.  Do I simply 
>> create custom permissions classes, like ProjectPermission and 
>> TaskPermission?  Then, when implementing the implies() method what do 
>> I do?  Is that where I would do these checks to see if the user has 
>> the required ability to do the desired operation?
>> I think I'm a little lost because of all the groovy stuff.  Does 
>> anyone have an example app that I can work from that doesn't have 
>> groovy?
> Yeah the Groovy scripting throws me off too.  I have not seen any 
> applications built on this.  Vince might have something for you to 
> look at though.
> Sorry for not having a concrete answer for you.
> Alex
Not your fault.  I've actually found what seems on first glance, a really 
good security framework built specifically for Spring.  Now I don't like the fact that I'll be tied 
to a specific container, but it sounds like I can do exactly the kind of 
stuff that I need to do with it.

