On Thu, Jun 24, 2010 at 9:45 PM, Suhothayan Sriskandarajah
<[email protected]> wrote:
> On 25 June 2010 09:45, Avdhesh Yadav <[email protected]> wrote:
>> Roles and Permissions can be stored in the JCR repository and configured
>> from the Admin UI.From Admin UI we can define/delete/edit permissions ,
>> roles and assign permissions to roles.
>>
>>
Java EE has the notion of Roles, does it make sense to look into using
that instead of a home grown solutions ?
>
> Super admin Role, Registered user Role, Unregistered user Role,
> Blocked user Role
> are hard coded
See comments above.
> Super admin Role will have all possible rights..
> Specially the right to configure the permissions of other roles (
> Registered user Role, Unregistered user Role, Blocked user Role and
> group-roles)
>
> The group-roles can be configured only by the super admin and registered user.
>
> I'm thinking of adding a div to the upload.html page. when "manage
> roles" button is pressed the present adminGallery div will be hidden
> and the new div will appear for handling roles
>
> When we use Json rpc there is no way for the back end to identify who
> is sending the request, as it cant access the session.
> So I thought of implementing a token system. where a token will be
> given to the front end at the page loading using an http call. Then
> the front end will send the token with all the Json request so the
> back end can process the request according to the session (the user
> and his permissions)
>
What I had done in the past was to configure specific operations (in
our case probably the whole service) with SCA policy, saying it
requires a specific role and the Tuscany runtime was handling the
authorization delegating to the Java EE server to handle provide a
list of roles for the given user.
<component name="Catalog">
<implementation.java class="services.FruitsCatalogImpl">
<operation name="get" policySets="allowManager" />
</implementation.java>
<property name="currencyCode">USD</property>
<service name="Catalog">
<operation name="get" requires="authentication"/>
<tuscany:binding.jsonrpc/>
</service>
<reference name="currencyConverter" target="CurrencyConverter"
/>
</component>
Anyway, the policy thing is really just food for thought, as it would
require LDAP integration or some kind of User Repository integration
and would limit the type of servers we could run PhotArk.
[1]
https://svn.apache.org/repos/asf/tuscany/sandbox/lresende/sca-1.x/samples/store-secure-webapp/
[2]
https://svn.apache.org/repos/asf/tuscany/sandbox/lresende/sca-1.x/samples/store-secure-webapp/src/main/resources/store.composite
--
Luciano Resende
http://people.apache.org/~lresende
http://twitter.com/lresende1975
http://lresende.blogspot.com/
