directory-dev mailing list archives

From Richard Wallace <rwall...@thewallacepack.net>
Subject Re: [authx] Help with complicated authorization
Date Sat, 18 Jun 2005 17:53:47 GMT
Vincent Tence wrote:

>On Fri, 2005-06-17 at 13:44 -0700, Richard Wallace wrote:
><snip/>
>
>>Not your fault.  I've actually found what seems on first glance, a really 
>>good security framework built specifically for Spring 
>>http://agisecurity.sf.net.  Now I don't like the fact that I'll be tied 
>>to a specific container, but it sounds like I can do exactly the kind of 
>>stuff that I need to do with it.
>
>We're also using Acegi on our current project at work. Simply because,
>it's the best option I found available ... until AuthX has a comparable
>feature set ready of course.
>
>Acegi has a very nice feature set, but here's what I don't like (or did
>not understand):
>
>- It's tied to Spring
>
That is something that puts me off a little bit.  For now it's not a big 
deal because I am using Spring, but I would definitely prefer to be able 
to swap out any part of the system (JSF/Container/Persistence/auth) 
without having to change one of the other parts of the system.

>- It's role based only
>
That will mostly work in our situation tho.  That's basically how things 
are handled in the existing PHP system, with some custom authentication 
code.  With interceptors, I'm hoping this will work out for us.

>- It's all XML stuff (and you need to write a hell lot of XML)
>
Heh, I just started looking at it yesterday and already I'm anticipating 
the damn Spring file suddenly growing to be the largest file in the 
whole project.

>- You've got to play by the rules it defines
>
>I would really like to replace our use of Acegi, but before that, here's
>the list of stuff that needs to be implemented:
>
>- Hibernate Realm  (not very hard, should be easier than JDBC Realm)
>- Hibernate Information Provider, for loading roles from the Database
>- A stack of web utilities, including permissions to define access to
>web resources, servlet filters, servlet listeners, ... not that hard
>either
>- Utilities to setup authx, including authenticators, information
>providers and authorizers, wiring them together in the minimal amount of
>steps, for general usage
>
>-- Vincent
>

