Good point. We use LdapPasswordAuthenticationDao so our roles are actually
LDAP groups. We have some groups for which memberships are automatically
managed via an external process. These groups have large memberships that
are quite prone to change. I was looking for a simple solution whereby I
might leverage the group memberships in LDAP, yet simplify the Acegi
Security configuration without impacting other administration processes.
From the perspective of the problem I am trying to solve in my environment
my solution seems to be sound, but I agree it is not an attractive general
solution based on your insights.

I'll take a fresh look at this. Perhaps I can better use LDAP groups for
this purpose.

Thanks,
Matt DeHoust
Dollar Tree Stores, Inc.
757.321.5668


Ben Alex <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]ceforge.net
04/22/2005 10:52 PM
Please respond to acegisecurity-developer

To: acegisecurity-developer@lists.sourceforge.net
cc: (bcc: Matthew DeHoust/MIS/DLTR)
Subject: Re: [Acegisecurity-developer] pseudo roles?




Matthew E.Porter wrote:

> FWIW, we are handling something similar by using groups.  They tend to
> be easier for users to conceptualize.
>
I would agree with Matthew. It's going to be confusing for future
developers of your application if roles can aggregate other roles.
You'll also need to avoid infinite loops (eg ROLE_A = ROLE_B, ROLE_C,
but ROLE_B = ROLE_A, ROLE_D). Groups are a simple concept, which is
easily understood. Typically groups are implemented in an
AuthenticationDao.

Cheers
Ben


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
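
The infinite-loop concern raised in the message above (ROLE_A = ROLE_B, ROLE_C, but ROLE_B = ROLE_A, ROLE_D) can be shown with a cycle-safe expansion of aggregated roles. This is an added example, not code from the thread or from Acegi Security; the `RoleExpander` class and its aggregation map are hypothetical, and the role table is a constructed sample.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration; RoleExpander is hypothetical, not an Acegi Security class.
public class RoleExpander {

    // Aggregation table: role -> roles it directly includes.
    private final Map<String, List<String>> includes;

    public RoleExpander(Map<String, List<String>> includes) {
        this.includes = includes;
    }

    // Returns every role reachable from the granted ones. The visited set makes
    // the walk terminate even when role definitions reference each other.
    public Set<String> expand(Set<String> granted) {
        Set<String> visited = new LinkedHashSet<>();
        Deque<String> pending = new ArrayDeque<>(granted);
        while (!pending.isEmpty()) {
            String role = pending.pop();
            if (!visited.add(role)) {
                continue; // already expanded; a naive recursion would loop here
            }
            for (String child : includes.getOrDefault(role, List.of())) {
                pending.push(child);
            }
        }
        return visited;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the cyclic definitions in the message.
        Map<String, List<String>> table = Map.of(
            "ROLE_A", List.of("ROLE_B", "ROLE_C"),
            "ROLE_B", List.of("ROLE_A", "ROLE_D"));
        RoleExpander expander = new RoleExpander(table);
        System.out.println(expander.expand(Set.of("ROLE_A")));
        System.out.println(expander.expand(Set.of("ROLE_B")));
    }
}
```

With this table a user granted only ROLE_B also ends up holding ROLE_A and ROLE_C, so a cycle is an authorization-review problem as well as a termination problem.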





