There has been some
discussion recently about implementing security for an OO application and Roland
posted his method this morning which I am personally very appreciative of.
It is always nice to see an example. The security scheme I am needing to
implement is very similar to the one Roland posted, so this is background info.
----------
To perform an action upon a given object, I have to have
the right to perform that action as well as access or
permission to the object I want to perform the action upon. For
example, just because a sales rep. has the right to create proposals
and permission to do so for his company does not mean he has
permission to create proposals for another company. In the same
sense just because a support engineer has permission to
access the server room does not give then the right to change the
configuration of a server.
So, for every action in the application, the
following checks need to be
done:
- Does the
user have the right to perform the given action? (create
proposal)
- Does the
user have permission to perform the given action on this object? (company
123)
----------
- A user
knows what his/her rights are, so it should be the one to state if it has a
given right?
user.checkUserRight(
'create proposal' ):boolean
- Who better
knows what rights are required for a given action than the object those actions are being performed
on, so that means that an individual object should be the one asking the user if
it has a given right?
document object is passed a
user object and calls the checkUserRight( 'create proposal' ) on that
user
- An object
has an access control list, so it should be the one to state if a user has
access to it?
object.checkAccess( user ):boolean
But, from an OO design standpoint, does all of this
not put to much responsibility in the user and object to know about
security?
On the flip side, all of this
logic could be moved to the
controller, but .... what if I want to put an HTML interface and a Flex
interface on an application? The HTML interface could use a Fusebox controller, but the Flex
interface would access the objects via web services. So now, I am managing
security in an Fusebox controller and in a Flex controller and if something
needed changing (i.e. a right for a given method), I would have to find and
change it in multiple places, so this is no good
either.
Also, as components
are basically an API, should the application that utilizes the API have to know
about security or should the API handle that?
So, are there significant design or reusability issues in
going one path (internal object security) vs. another (security in the
controller), or is there another path all together? I am just about to the
point of saying there is no right answer and flipping a coin. Anybody else
want to chime in?
Thanks
--
Jeff
