Hi Ray,
thank you for your answer.
I thought i should use ACEGI for every thing i can, because it's hard in
my eyes to build a "instance based security system" which is secure and
fast.
That's why i wanted to use the ACL/ACE feature.
But i like your answer to solve that by a query, because it's sounds
logical. But it also means i have to do all myself and if i do all
myself, i'll do every fault possible (=> murphy's laws). :(
It would be interesting for me to know, what's the main points to keep
such a system fast.
The problem is, that it is very expansive to check for every "contact"
instance (for example) the permissions, because there are some users and
hierarchical groups(with associated users) and maybe inherited
permissions from parent classes.
It seems impossible to do such things in fast way...
I would welcome every answer to my question, but i don't think that you
are totally wrong. It's always good to hear more than one opinion. :)
Ok, now my build problem. I tried 3 different version of maven...and
always a different exception. Yes, i added proxy configuration because
i'm sitting behind a firewall.
I solved a missing dependency myself, but i'll append my exception to
the end of my answer.
Cheers,
Ingo
My build exception:
-------------------------------
sdocbook:generate-html:
sdocbook:transform:
[echo] Transforming
C:\download\acegisecurity-2006-09-17-1686-src\acegisecurity\doc\docbook\acegi.xml
[java]
[java] (Location of error unknown) XSLT Error
(javax.xml.transform.TransformerException): java.net.ConnectException:
Connection timed out: connect
BUILD FAILED
Java returned: -1
at org.apache.tools.ant.taskdefs.Java.execute(Java.ja va:110)
at org.apache.tools.ant.Task.perform(Task.java:341)
at org.apache.commons.jelly.tags.ant.AntTag.doTag(Ant Tag.java:185)
at org.apache.commons.jelly.impl.TagScript.run(TagScr ipt.java:279)
at org.apache.commons.jelly.impl.ScriptBlock.run(Scri ptBlock.java:135)
at org.apache.maven.jelly.tags.werkz.MavenGoalTag.run
BodyTag(MavenGoalTag.java:79)
at org.apache.maven.jelly.tags.werkz.MavenGoalTag$Mav
enGoalAction.performAction(MavenGoalTag.java:110)
at com.werken.werkz.Goal.fire(Goal.java:639)
at com.werken.werkz.Goal.attain(Goal.java:575)
at com.werken.werkz.WerkzProject.attainGoal(WerkzProj ect.java:193)
at org.apache.maven.jelly.tags.werkz.MavenAttainGoalT
ag.doTag(MavenAttainGoalTag.java:127)
at org.apache.commons.jelly.impl.TagScript.run(TagScr ipt.java:279)
at org.apache.commons.jelly.impl.ScriptBlock.run(Scri ptBlock.java:135)
at org.apache.commons.jelly.TagSupport.invokeBody(Tag Support.java:233)
at org.apache.commons.jelly.tags.core.ForEachTag.doTa g(ForEachTag.java:145)
at org.apache.commons.jelly.impl.TagScript.run(TagScr ipt.java:279)
at org.apache.commons.jelly.impl.ScriptBlock.run(Scri ptBlock.java:135)
at org.apache.maven.jelly.tags.werkz.MavenGoalTag.run
BodyTag(MavenGoalTag.java:79)
at org.apache.maven.jelly.tags.werkz.MavenGoalTag$Mav
enGoalAction.performAction(MavenGoalTag.java:110)
at com.werken.werkz.Goal.fire(Goal.java:639)
at com.werken.werkz.Goal.attain(Goal.java:575)
at com.werken.werkz.Goal.attainPrecursors(Goal.java:4 88)
at com.werken.werkz.Goal.attain(Goal.java:573)
at com.werken.werkz.WerkzProject.attainGoal(WerkzProj ect.java:193)
at org.apache.maven.jelly.tags.werkz.MavenAttainGoalT
ag.doTag(MavenAttainGoalTag.java:127)
at org.apache.commons.jelly.impl.TagScript.run(TagScr ipt.java:279)
at org.apache.commons.jelly.impl.ScriptBlock.run(Scri ptBlock.java:135)
at org.apache.commons.jelly.TagSupport.invokeBody(Tag Support.java:233)
at com.werken.werkz.jelly.PreGoalTag$1.firePreGoal(Pr eGoalTag.java:87)
at com.werken.werkz.Goal.firePreGoalCallbacks(Goal.ja va:691)
at com.werken.werkz.Goal.fire(Goal.java:616)
at com.werken.werkz.Goal.attain(Goal.java:575)
at org.apache.maven.plugin.PluginManager.attainGoals(
PluginManager.java:671)
at org.apache.maven.MavenSession.attainGoals(MavenSes sion.java:263)
at org.apache.maven.cli.App.doMain(App.java:488)
at org.apache.maven.cli.App.main(App.java:1239)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Native
MethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De
legatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.werken.forehead.Forehead.run(Forehead.java:551 )
at com.werken.forehead.Forehead.main(Forehead.java:58 1)
File...... C:\Dokumente und
Einstellungen\ingo.siebert\.maven\cache\maven-sdocbook-plugin-1.4.1\plugin.jelly
Element... java
Line...... 135
Column.... 119
Java returned: -1
Total time: 28 seconds
Finished at: Tue Sep 19 15:56:46 CEST 2006
Ray Krueger wrote:
> The scenario you've presented is best solved by the query, not the
> security layer. Your code should decide what the query parameters are
> based on the current user. This is an extremely business dependent
> decision.
>
> For example, keeping it simple, let's say you have a
> ContactDao.loadAll() method that returns a Collection of Contacts.
>
> ContactDao {
> Collection<Contact> findAll()
> }
>
> Your option here is to do some magical stuff with figuring out who the
> current user is by looking in the SecurityContext, or you can put that
> logic on the outside...
>
> ContactDao {
> Collection<Contact> findAllAllowed(User)
> }
>
> Fancy AOP based filtering and what not isn't always the answer :)
>
>
> That being said, a friend of mine has done some work auto-limiting a
> Hibernate Criteria query in our DAO layer. His work there is again
> based on business logic appropriate to our application.
>
> Now the other concern, why can't you build the 1.1 nightly?
>
> Don't be suprised if someone comes along and says I'm totally wrong on
> the above stuff :P
>
>
>
> On 10/19/06, Ingo Siebert <[EMAIL PROTECTED]> wrote:
>> Hi all,
>>
>> I'm needing the ACL feature for my application, because my database has
>> a really huge number of instances(contacts for example).
>>
>> If a user requests all contacts, only the contacts which he has access
>> to should be returned. A filtering after loading all contacts would be
>> too inefficient. That's why i need a before-query filtering, which will
>> be a WHERE clause in my opinion.
>>
>> Does the refactored ACL code (ACEGI 1.1) contains any new solution for
>> my problem?
>>
>> Any good suggestions for ACEGI 1.0 are also very welcome.
>>
>>
>>
>> I'm using the nightly build of ACEGI 1.1
>> (acegisecurity-2006-09-17-1686-src), but i see that the new ACL-Code
>> (with ACE and so on) is only in the sandbox directory. When will this
>> change?
>> I can't build the nightly version and that's why i'm interested in
>> compiled JAR files.
>>
>> Any help and ideas would be really wonderful.
>>
>> Cheers,
>>
>> Ingo
>> --
>> CRM Products Development - New Technologies
>>
>> CAS Software AG
>> Well informed. Always and everywhere.
>> www.cas.de
>>
>>
>> -------------------------------------------------------------------------
>> Using Tomcat but need to do more? Need to support web services, security?
>> Get stuff done quickly with pre-integrated technology to make your job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Home: http://acegisecurity.org
>> Acegisecurity-developer mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>>
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
