Eduard Witteveen <[EMAIL PROTECTED]> wrote:
> Michiel Meeuwissen wrote:
>
> >Normally, when we want to implement a piece of MMBase functionality (e.g.
> >some scheduled job), we want to use 'bridge', because its much cleaner
> >interface. But to use bridge, you need to be logged on. So not seldomly, we
> >see code to acquire a Cloud, where authentication credententials are
> >hard-coded.
> >
> >
> I totally agree that we lack functionality here, but i am missing some
> functionality in your implementation.
I am not targeting at perfection at once, only at improvement.
> I myselve was more thinking about the following sollution:
> Object ExecuteAs(UserContext user, SuduInterface toExecute)
> Object ExecuteAs(UserContext user, SuduInterface toExecute, string
> UserId)
So, I still need a way to obtain the UserContext object.
> Object ExecuteAs(SuduInterface toExecute, string UserId)
And here someway the user-context msut be created from a string. How?
> and the interface:
> public interface SuduInterface {
> public Object secureRun(CloudContext);
> }
Btw, you mean 'sudo' not 'sudu'.
Still, I think sudo is something what does the other direction. Sudo gives
rights on functionality to users. For sudo you would neet yet another
configuration, connecting users to classes. What I am proposing is about
giving users to functionality, so connecting classes to users.
So I think we are talking about something completely different.
> Ofcourse this has to be wrapped by the cloud.
>
> Personally i like the idea that:
> - Classes that wantto execute code as an user have to implement a
> certain interface
I don't see the point of that.
> - The execution of classes should be a trival part of MMBase and
> should therefore not be made implementation dependend, but it should be
> integrated into the interface. Using the login with a method "classes"
> is not the way we should look at this for future usage.
My proposal is not about the execution of classes, but about the retrieval
of UserContexts.
> - How are you going to check if the class that retrieved the
> UserContext is the same as which is doing the operations? (i dont think
> that looking at the trace is sufficent enough)
The classes which I mentioned don't retrieve UserContexts, they request to
retrieve one, and are going to do their operation by it (or rather, by the
Cloud they received).
Btw, before trying to make an MMBase sudo, I propose that we get
SecurityManagers working first, for otherwise sudo is completely folly.
Michiel
--
Michiel Meeuwissen |
Mediapark C101 Hilversum |
+31 (0)35 6772979 | I hate computers
nl_NL eo_XX en_US |
mihxil' |
[] () |
