5 Replies Latest reply on Jun 15, 2007 5:25 AM by ybxiang.wolf

    To Gavin king__suggestion about restriction

    ybxiang.wolf

      Gavin King:

      I love Seam so much!!!!!
      I have 2 years of web experience, and find that the security restriction offered by Seam (jBPM or Drools) is not enough. Now, I give an example:

      100 Users:
      u1---->u100.

      100 Actions,namely 100 methods:
      m01--->m1000

      now,
      u1 is allowed to access m01-m10
      u2 is allowed to access m11-m20
      u3 is allowed to access m21-m30
      u4 is allowed to access m31-m40
      u5 is allowed to access m41-m50
      ..................
      u100 is allowed to access m991-m1000

      Then, if I use Drools, I must create 100 roles!!!!

      I suggest:
      add a new method named "addPermission" to class org.jboss.seam.security.Identity.

      When I log in, I just code like this:

      ************************************************
      @Name("authenticator")
      public class AuthenticateAction {
          @Logger Log log;
          @In Identity identity;

          @IfInvalid(outcome="REDISPLAY")
          public boolean authenticate() {
              log.info("authenticating #0", identity.getUsername());
              //...............
              // find permissions from DB for this user
              List lst_user1 = ...;
              for (int i = 0; i < lst_user1.size(); i++) {
                  // addPermission is the proposed new method on Identity
                  identity.addPermission(lst_user1.get(i).toString());
              }
              // ....
          }
      }
      ************************************************

      And check permission like this:

      In JSF:
      <s:link view="/xxxx.xhtml" action="#{xxx}" value="Logout" rendered="#{identity.hasPermission('xxx')}"/>

      In java code:
      @Restrict(...hasPermission('xxx')...)
      public void xxx(){

      }



      I think this is a simpler method of access control. I really love Seam and want Seam to have this feature!!!

      Please think about it.

      When I touched EJB 2.1, I really hated EJB!
      But EJB 3.0 gave me new hope. Hibernate, EJB 3.0 and Seam are really the best in the world.


      Please, please think about this suggestion!!!!!!!!!!!!!!!!



      (I am Chinese, I really envy Americans for having such a good environment!)

        • 1. Re: To Gavin king__suggestion about restriction
          ybxiang.wolf

          Another reason why I want to do it like that:

          My customers need a UI to assign permissions by themselves. When I told them the concept of roles and permissions, they told me: "I just want to select one user and assign some permissions to him, and nothing more!"

          I have thought about this question for about one year!!! I implemented this feature using HttpSession.
          Now Seam is so good, I will never use the old framework. And I hope so much that Seam gets this feature!!! Please!!!

          • 2. Re: To Gavin king__suggestion about restriction
            ybxiang.wolf

            I have read "seam_reference" and "JBoss Seam: Simplicity and Power Beyond Java", I really love them!!!!!

            haha....................

            • 3. Re: To Gavin king__suggestion about restriction
              gavin.king

              I think you've got kind of the wrong idea about what the security rulebase should look like.

              It should not have 1000s of rules, 1 for each user, instead it should have one rule which says: "if the needed Permission belongs to User.getPermissions(), grant the permission".
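
The single-rule design described in reply 3, as an added example that is not part of the original thread and is not Seam or Drools code: plain Java in which the class `PerUserPermissions` and its methods are hypothetical names and an in-memory map stands in for the permission table. It also shows that a permission set copied at login stays in effect after a revoke until it is reloaded.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration; class and method names are hypothetical, not Seam or Drools API. */
public class PerUserPermissions {

    /** Stand-in for the permission table an admin UI would edit (user -> granted actions). */
    static final Map<String, Set<String>> STORE = new ConcurrentHashMap<>();

    static void assign(String user, String permission) {
        STORE.computeIfAbsent(user, u -> ConcurrentHashMap.newKeySet()).add(permission);
    }

    static void revoke(String user, String permission) {
        Set<String> granted = STORE.get(user);
        if (granted != null) granted.remove(permission);
    }

    /** Immutable snapshot of a user's permissions, as would be loaded once at login. */
    static Set<String> permissionsOf(String user) {
        Set<String> granted = STORE.get(user);
        return granted == null ? Collections.<String>emptySet()
                               : Collections.unmodifiableSet(new HashSet<>(granted));
    }

    /** The single rule: grant only if the needed permission is in the user's own set. */
    static boolean hasPermission(Set<String> userPermissions, String needed) {
        return needed != null && userPermissions.contains(needed);
    }

    public static void main(String[] args) {
        // Constructed sample data: u1 gets m01..m10, u2 gets m11..m20; no roles are defined.
        for (int i = 1; i <= 10; i++) assign("u1", String.format("m%02d", i));
        for (int i = 11; i <= 20; i++) assign("u2", String.format("m%02d", i));

        Set<String> u1 = permissionsOf("u1");                            // snapshot at "login"
        System.out.println(hasPermission(u1, "m05"));                    // in u1's set
        System.out.println(hasPermission(u1, "m15"));                    // belongs to u2 only
        System.out.println(hasPermission(permissionsOf("u999"), "m01")); // unknown user: empty set

        revoke("u1", "m05");
        System.out.println(hasPermission(u1, "m05"));                    // old snapshot, not reloaded
        System.out.println(hasPermission(permissionsOf("u1"), "m05"));   // fresh snapshot after revoke
    }
}
```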

              • 4. Re: To Gavin king__suggestion about restriction
                ybxiang.wolf

                 

                "gavin.king@jboss.com" wrote:
                I think you've got kind of the wrong idea about what the security rulebase should look like.

                It should not have 1000s of rules, 1 for each user, instead it should have one rule which says: "if the needed Permission belongs to User.getPermissions(), grant the permission".


                **************************************************
                It should not have 1000s of rules, 1 for each user, instead it should have one rule which says: "if the needed Permission belongs to User.getPermissions(), grant the permission".
                ~~~~~~~~~~~This is just what I want!
                ~~~~~~~~~~~This is just what I want!
                ~~~~~~~~~~~This is just what I want!
                ~~~~~~~~~~~This is just what I want!
                ~~~~~~~~~~~This is just what I want!

                I think I haven't grasped Drools and can't use it correctly. I will spend more time on Drools and Seam.

                Thank you so much!!!
                You are the best (NOT the so-called "one of the best") in jboss.com.



                • 5. Re: To Gavin king__suggestion about restriction
                  ybxiang.wolf

                  Gavin king:

                  Thank you again!!!
                  You make java better!!! You are changing JAVA and JAVAers!!! You are the best!!!