Would it be feasable to integrate Apache Shiro [1] into Isis? A lot of frameworks use it to handle authentication, authorization and session management. It supportsĀ LDAP, JDBC and ActiveDirectory out-of-the-box and from what I've seen it shouldn't be hard to make it use domain objects too.
In the the project I'm currently working on we have a future desire to hook up ActiveDirectory with Isis. I don't expect to be working on this in the next 6 months but if more people share this idea we might be able to give it some thrust. Cheers, Jeroen [1] http://shiro.apache.org/index.html On Mon, Jun 11, 2012 at 2:09 PM, Dan Haywood <[email protected]> wrote: > > On 11 June 2012 12:58, Kevin Meyer - KMZ <[email protected]> wrote: > > > > > > Thanks Kevin, it is working now. Is there anything on sql based > > > authorization? > > > > Errrmm... good question. > > > > I think I once toyed with a proto sql authorization that was a more-or- > > less direct copy of the file based one, just that it fetched data from a > > table.. but I don't recall if I committed it. > > > > There does seem to be a SqlAuthorizationManagerInstaller, however the > implementation of SqlAuthorizer appears to be a no-op. > > > > > > > My issue is that I never had a UI to edit the roles - so all the back-end > > stuff (adding roles, methods, etc) had to be managed via another tool > > (e.g. phpMyAdmin!). > > > > The big project over in Ireland has the roles/permissions stuff as domain > objects, so you get the UI for free ;-) ! > > Basically, the Authorizor implementation would connect directly (via JDBC > or equiv) to the underlying tables to which the domain objects are > persisted. > > As a good practice, probably worth defining some SQL views to create a > level of decoupling. > > > > > > > > > And don't ask about auto-learning! > > > > This would require the Authorizor impl to automatically insert rows into > the domain object tables ... not sure if that's a good idea myself, either. > > > I don't think you'll find it particularly difficult to write an > implementation... with a following wind you could probably get something > workable in an afternoon. > > Dan
