turbine-user mailing list archives

From "Eric Pugh" <ep...@upstate.com>
Subject RE: Fulcrum Build Results -- REVISED missing dependencies
Date Mon, 19 Jan 2004 08:29:37 GMT

Take a looksee at the docs by building Fulcrum from CVS, they have been
advanced quite a bit.  I am going to update the docs online soon, I just
haven't had a chance to do it.

In the latest version (alpha 6) the "Simple" model was renamed "Dynamic".
The reason was the simplest usable model is actually just users belonging in
groups, without any extra trimmings like groups belonging to groups, or roles,
or permissions.  I have used this simplest model, called "Basic" in a couple
apps.   I have also used "Dynamic" in a couple situations.

When you read the updated docs, the key thing to understand is that the
model of how entities are wired together is kept separate from managing
entities.  This allows us to use the same management code for
user, group, role, permission, and, if we need a new type of model, just create
a new type of model...

See my inlined comments below:

> Hi Eric,
> I was looking for a security framework around and finally I found the
> security component, part of the fulcrum project.
> It seems to be a good choice considering that it is open source, well
> designed (though it is an alpha version) and offers
> persistence through
> hibernate !
> I have read the online explanations and the "simple" implementation
> model proposed with hibernate seems to be a good compromise between
> functionality and complexity.
> However I'm not sure I have exactly understood the way to use the api.
> So as described in the doc we have four entities : users,
> groups, roles
> and permissions.
> I wondered if I can do this :
> 1. define fine grained permissions and hard code them in my
> applications
> to define what a user can do or see.
Yup!  Define your permissions (either in constants or in a config file or
whatnot) and then make sure you put them in your db..  Then, to check them,
you do this:
AccessControlList acl = UserManager.getACL(user);
if (((DynamicAccessControlList) acl).hasPermission(EDIT_USERS)) {
    // the user holds EDIT_USERS; allow the protected action here
}


> 2. configure as many roles as I want : i.e. create roles and set
> permissions to the roles ( as long as the application relies only on
> permissions, roles can be created and deleted without any problem...)
Yup!  This is where the renamed "Dynamic" model is useful.
> 3. set roles to groups
> 4. add users to groups
Yup!  Note, Dynamic currently doesn't support Groups as part of Groups..
Instead, you would put users in multiple groups.  I have thought about
creating a model based on NT called "NTStyle" that would have users, roles,
and groups, and groups could be in groups..  Users could be in groups, and
groups would have roles.  But no permissions since that doesn't map
> So groups are central in this design.
> What I want to do is a web interface for managing users, groups and
> roles for web-applications (and I intend to insert the permissions
> directly in the database so they cannot be modified through the web
> interface).
> Am I wrong with that ?

Sounds good.   Something I often do is in my unit tests leverage the Memory
provider instead of Hibernate so I don't have to setup/cleanup a database
behind me.   Holler if you need help.

Eric Pugh
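
Added example, not part of the original message and not Fulcrum code: a self-contained Java sketch of the wiring discussed in this thread (permissions attached to roles, roles to groups, users placed in several groups), with a deny-by-default permission check. The class, method, group and role names are hypothetical; only the EDIT_USERS constant name comes from the message.

```java
import java.util.*;

// Illustration of the "Dynamic" wiring: user -> groups -> roles -> permissions.
// Every name below is hypothetical; this does not use the Fulcrum API.
public class DynamicModelSketch {
    // Permission names are the only thing the application hard-codes.
    static final String EDIT_USERS = "EDIT_USERS";
    static final String VIEW_REPORTS = "VIEW_REPORTS";

    final Map<String, Set<String>> userGroups = new HashMap<>(); // user  -> groups
    final Map<String, Set<String>> groupRoles = new HashMap<>(); // group -> roles
    final Map<String, Set<String>> rolePerms = new HashMap<>();  // role  -> permissions

    static void link(Map<String, Set<String>> m, String from, String to) {
        m.computeIfAbsent(from, k -> new HashSet<>()).add(to);
    }

    // Flatten the wiring into the set of permissions a user holds right now.
    Set<String> permissionsOf(String user) {
        Set<String> out = new HashSet<>();
        for (String g : userGroups.getOrDefault(user, Set.of()))
            for (String r : groupRoles.getOrDefault(g, Set.of()))
                out.addAll(rolePerms.getOrDefault(r, Set.of()));
        return out;
    }

    // Deny by default: unknown users, unwired groups and deleted roles grant nothing.
    boolean hasPermission(String user, String permission) {
        return permissionsOf(user).contains(permission);
    }

    public static void main(String[] args) {
        DynamicModelSketch m = new DynamicModelSketch();
        link(m.rolePerms, "user-admin", EDIT_USERS);
        link(m.rolePerms, "auditor", VIEW_REPORTS);
        link(m.groupRoles, "helpdesk", "user-admin");
        link(m.groupRoles, "finance", "auditor");
        link(m.userGroups, "alice", "helpdesk");
        link(m.userGroups, "alice", "finance"); // several groups instead of nested groups
        link(m.userGroups, "bob", "finance");

        System.out.println("alice EDIT_USERS: " + m.hasPermission("alice", EDIT_USERS));
        System.out.println("bob   EDIT_USERS: " + m.hasPermission("bob", EDIT_USERS));
        // Roles are data, not code: deleting one only changes which checks match.
        m.rolePerms.remove("user-admin");
        System.out.println("alice after role delete: " + m.hasPermission("alice", EDIT_USERS));
        System.out.println("unknown user: " + m.hasPermission("mallory", VIEW_REPORTS));
    }
}
```

Because the application only ever names permissions, a role deleted through an admin interface silently revokes access rather than breaking a check, which is why keeping the permission table itself out of that interface matters.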
