0 Replies Latest reply on Jan 17, 2003 6:47 AM by Viet

    security integrated

    Viet Master

      It's been faster to integrate that what I thought at beginning. Ok I must admit rules are hardcoded
      so far.

      I don't know where to put them ? as configuration with an mbean ? or in EJB layer. Because rules are not very numerous. Maybe under 15 rules for a PN site running.

      mbean advantage : site can work without Core module
      and permisssions are still working. Rules are part
      of configuration. They are fast to retrieve, etc...

      EJB ? except the statement user.getRules() and
      group.getRules() I dont't see them. More over
      these rules must be all the times converted
      back to a usable object. And you can add
      also EJB locking...

      So help me to decide :-) but I think my choice
      is done.

      Anyway, it's pretty easy to use them
      in a module/block :

      API.secAuthAction("Menublock::", "Administration::", Constants.SEC_ACCESS_READ)

      will check if current user can see the link
      adminstration in the menu block.

      it works well and I am pretty proud of it !

      In a general fashion, API functions are used
      this way with a static call. That sticks to
      PostNuke spirit.