Welcome to the Keel list!
So, you already have a MVC separation, with the C-to-V interface throughGUI deployable via webstart for the client. Talking to the server component via lightweight xml messaging and a bpm tool (my own soap replacement).
XML? The easiest way, is to simply leave that alone and hook up your "models"
(is bpm - business process modeling?) to a custom keel-client implementation.
See my poor diagram below, talking about the swing GUI.
JAAS authentication is implemented, and there are several login modules are already implemented. You could use configuration in files, or data in SQL tables, or a UNIX NIS domain, or an NT domain, etc. etc. It is easy to write modules to interface to legacy systems as long as you can get to the user/password data somehow.Would keel be useable here? As far as I can see its JAAS authentication might be very useful.
Depends on how the Client and Account objects are stored. If they are in separate tables, then Account can have its own authorization defined and what you described would work. If they are all in the same table, then Keel has InstanceSecurable where you provide an instance id and store authorization data for each instance of the client record. In the end, Keel uses authentication managers, for which you can write a custom implementation, if what Keel provides out of the box is not suitable.I'm unfamiliar with security in general and expecially on the swing client side. (First app to secure a swing inteface) I need to be able to be able to secure certain fields in some objects. For example:
class Client UID clientId String firstName String lastName Account account
I need one group to be able to view/edit/delete everything and another group to only be able to view everything and edit everything except the Account object. Etc etc etc.
This sort of task is easy in a webapp environment using ejb or straight
sql but I really have little idea about how to accomplish this in a
swing/hibernate architecture. I have a strong feeling that the Keel
security model might enable this?
I have searched through the wiki but have only found a couple of pages.This has been talked about many times, but never been implemented.
One saying I'd need to write my own swing module or something - how long
would this take?
On the client side, in your case, you need a adapter to interface between your swing GUI and a custom implementation of the keel-client interface. The keel-client to server interface consists simply of a request object, that contains the input data/parameters to the particular business logic that that request is meant for. In addition, the "name" of the business logic, model in Keel terms, is specified. The business logic uses Keel services to perform its function and returns the data in a response object. The response object contains output, input (if the model's job was to create the prompts required for the next model), and commands (parameters and data to transiton to another model). I go to this detail to say that you probably don't want a tight coupling of swing widgets to Keel, that is not necessary, and the Keel models shouldn't know about the details of your screen/widget layout. Instead, stick to MVC, in my mind two layers of MVC as follows:
Swing View<->Your Controller(s)<-X->Your Model Adapter<->Keel-Client<->Keel-Comm<->Keel-Server (with Your Models).
X= your lightweight XML messaging.
I am only depicting the various logical blocks, not that they couldn't be as commbined or as separated as you want. For instance, "Your Model Adapter" and "Keel Client" could be combined, and "Keel Comm" and "Keel Server" could be combined using our "direct, single-VM" comm. layer.
HTH, Shash
http://keelframework.org/documentation Keelgroup mailing list [EMAIL PROTECTED] http://lists.keelframework.com/listinfo.cgi/keelgroup-keelframework.com
