I'm interested on building such an API, like some building blocks that wold
fit on AppEngine restrictions without performance problems. Anyone
interested on starting up some building blocks? One nice thing about
building an ACL, or more explicity, an Authentication/Authorization API is
that we can also build other libraries that can be shared, and they all
honor the same authorization scheme.
My first implementation was to build some interfaces for the API (Account,
Permission) and then setup a simple ListProperty set of permissions and
store the Account permissions on the same Entity (fast gets, no grouping of
permissions, some interesting filtering schemes). Then, all modules that
have some authorization requirement will contribute whith their own
permissinos. An Account has a getKeyring() method that holds an Account
specific permissions. In such cenario, if you are using Guice AOP, for
example, you can try some nice interceptors to validate methods like this:
@AuthorizationRequired(validPermissions=Blog.CAN_POST)
public void postBlog(Blog entry) {
...
}
Not sure if I missunderstood your needs Brandon, but let me know if you want
to start working on something like that.
Best Regards,
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-appengine/-/WkltZm4tSjVscDRK.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-appengine?hl=en.
