turbine-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ANSI Webmaster" <webmas...@ansi.dk>
Subject RE: I need simple Access Control (Security) with Turbine withoutACL´s or Roles, how to do?
Date Fri, 18 Jun 2004 14:24:34 GMT
Alright i've been trying to go through the Turbine code to find where and
how to change the DB from Torque to Hibernate. So far it seems that the only
place where torque is called is:

"services.SecurityService.user.manager=org.apache.fulcrum.security.impl.db.D
BUserManager"...

Now I've found a Hibernate implementation in Fulcrum at
"org.apache.fulcrum.security.hibernate" - and I were wondering if I'm
supposed to use that, and the hook Spring into it? Or do I have to rewrite
everything in regards to Spring but still use the same interface?

/M

-----Original Message-----
From: tobias rademacher [mailto:tobias.rademacher@innowake.de] 
Sent: 17. juni 2004 09:13
To: Turbine Users List
Subject: AW: I need simple Access Control (Security) with Turbine
withoutACL´s or Roles, how to do?

Yes its recommend to use Spring as it simplies balancing the resources
(Hibernate Session) correctly an offers great 
support for transactions. And it works great!!! But of course you can use
Hibernate without Spring.

You can try to register the Fulcrum Avalon Services with the Spring
Application Context, but 
from Spring perspective this you need:

1) a DataAccessObject class and interface
2) register HibernateSessionFactory into the ApplicationContext
3) register the DAO  into the ApplicationContext
4) provide an ApplicationServices inferface and class which accesss the dao
5) add transaction support with templates or declaraive with Spring AOP

Hibernate offes an Avalon Service which seem to be reused with c, but you
don't have
the great transactional support offered by Spring. I don't looked into the
services, so
a cannot say if the spawn there own Hibernate Transactions. Using Spring AOP
it may be possible
to wrap the Fulcrum Avalon Service with transaction, but I don't now who
independet the Spring stuff is.

Having said all of this using Avalon or Spring is just a matter of taste.
Flucrum is a Avalon based.
So I guess you better write your own stuff if you would benefit from
Spring's stuff. 

So I'm a Spring user, please ask the Avalon Knights - maybe they come up
with a possible easier intergation of
both worlds.

:-)

Toby

-----Ursprüngliche Nachricht-----
Von: ANSI Webmaster [mailto:webmaster@ansi.dk]
Gesendet: Donnerstag, 17. Juni 2004 08:55
An: 'Turbine Users List'
Betreff: RE: I need simple Access Control (Security) with Turbine
withoutACL´s or Roles, how to do?


Alright i'll work through it and see how it looks like. 

I've heard a lot of muttering about that I should use the Spring framework
for accessing hibernate. Do you have any experience on this, and if, hows
does this blend in to Fulcrum?

/M

-----Original Message-----
From: Peter Courcoux [mailto:peter@courcoux.biz] 
Sent: 17. juni 2004 00:00
To: Turbine Users List
Subject: RE: I need simple Access Control (Security) with Turbine
withoutACL´s or Roles, how to do?

It's been said before, and I know its not ideal, but the best place to
start looking at this is to go to http://zebra.tigris.org and look at
the zebra-antelope web application. It uses turbine, and hibernate and
fulcrum-security. Don't be put off by the zebra workflow references. The
zebra engine is not yet embedded in the antelope example. 

I know that Zebra-Antelope does use a recent 2.4-dev build, but I
believe that it is the best resource we currently have for seeing how to
use Hibernate with Turbine. Also fulcrum-security does the job for which
it was written, but it is not a complete 'out-of-the-box' solution.
Again, this is probably the best resource we currently have for getting
an implementation working which can then be customised to suit.

Look at how the fulcrum-security stuff works. If I recall correctly the
ACL interface in fulcrum-security is an empty interface, so I think you
can do what you want with it. You may need to customise the
AccessController, which builds the ACL, the LoginUser action and
possibly a SessionValidator. All of these are pluggable by changing the
default settings in TurbineResources.properties. 

Peter


On Wed, 2004-06-16 at 22:09, ANSI Webmaster wrote:
> Ok i've been reading up like a crazed hippodrome on all the hibernate
stuff,
> and I'm also interested in where I can plug this into the Turbine ACL...
> This was also part of why I wanted to use the new version in the CVS as it
> said it had removed all the old Torque stuff.
> 
> So where do I begin with this, whats a good place to start?
> 
> /M
> 
> -----Original Message-----
> From: Eric Pugh [mailto:epugh@upstate.com] 
> Sent: 10. juni 2004 19:39
> To: Turbine Users List
> Subject: RE: I need simple Access Control (Security) with Turbine without
> ACL´s or Roles, how to do?
> 
> You are right about needing to use the Adapter..  If you are using Fulcrum
> Security through the older Turbine Security service which is what things
> like the default session validators and rundata use to look things up.
> However, if you have reimplemented any of these things (which is pretty
> commong) then you can just lookup the Fulcrum Security service directly
like
> any ohter avalon component and use methods..
> 
> A typical example would be admin screens that need extended security
> information.  For an example of this, check out the Antelope example app
> available from here: http://zebra.tigris.org
> 
> Eric
> 
> > -----Original Message-----
> > From: Lester Ward [mailto:lward@tagaudit.com]
> > Sent: Thursday, June 10, 2004 6:43 PM
> > To: 'Turbine Users List'
> > Subject: RE: I need simple Access Control (Security) with Turbine
> > without ACL´s or Roles, how to do?
> >
> >
> > > If you use the Turbine adapter, you inherit a lot of that stuff,
> > > but it runs in the 2.3 environment.  If you use Fulcrum Security
> > > directly, then all of that stuff is gone.
> >
> > I was under the impression that the only way to use Fulcrum Security
with
> > Turbine 2.3 was through the adaptor, but the statement above
> > seems to imply
> > otherwise. Could you elaborate? How does one not use the Turbine
> > adaptor and
> > still use Turbine?
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: turbine-user-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org


Mime
View raw message