Re: [Acegisecurity-developer] Can acegi do these?
Hi Patricia, Hi tedzo,

Because you asked for it: Actually I have implemented support for hierarchical roles in Acegi. It is planned to be included in the Acegi/Spring Security 2.0 release. For a short overview of how this will work take a look at
http://opensource.atlassian.com/projects/spring/secure/attachment/12872/HierarchicalRoles.pdf

My code contribution, user documentation and evolution of this new feature can be found as attachments under
http://opensource.atlassian.com/projects/spring/browse/SEC-232

Cheers,
Michael

P.S.: I am currently on holidays and might not be able to check my mails before next Monday.

Patricia Guimaraes wrote:

Hi Shi,

I am *very* interested in finding out how I can set up Acegi Security to support a role hierarchy. You mentioned in #1 below that Acegi Security can be configured to do that. Could you point me in the right direction by letting me know which documentation I can read to configure my application that way? Do you know of any sample applications demonstrating this functionality?

Thanks in advance for your help,
Pat

Patricia Guimaraes
Principal Software Engineer
Gene Logic Inc.
50 West Watkins Mill Road
Gaithersburg, MD 20878
Phone: (240) 631-7450
Fax: (240) 364-7599
Email: [EMAIL PROTECTED]

Mailing Address/Corporate Headquarters
610 Professional Drive
Gaithersburg, MD 20879

Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Can acegi do these?
Shi and Michael,

Thank you very much for your prompt responses! I looked at http://opensource.atlassian.com/projects/spring/browse/SEC-232 last night, after Shi pointed me to it, and downloaded the files posted on September 3. I haven't had a chance to try them out yet, but will do that as soon as I have a chance. Michael, I'll give you some feedback on it afterwards.

Thanks again for all your help,
Pat

Michael Mayr [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/11/2007 08:21 AM
Please respond to: acegisecurity-developer@lists.sourceforge.net
To: acegisecurity-developer@lists.sourceforge.net
cc:
Subject: Re: [Acegisecurity-developer] Can acegi do these?

Hi Patricia, Hi tedzo,

Because you asked for it: Actually I have implemented support for hierarchical roles in Acegi. It is planned to be included in the Acegi/Spring Security 2.0 release. For a short overview of how this will work take a look at
http://opensource.atlassian.com/projects/spring/secure/attachment/12872/HierarchicalRoles.pdf

My code contribution, user documentation and evolution of this new feature can be found as attachments under
http://opensource.atlassian.com/projects/spring/browse/SEC-232

Cheers,
Michael

P.S.: I am currently on holidays and might not be able to check my mails before next Monday.

Re: [Acegisecurity-developer] Can acegi do these?
Hi Shi,

I am *very* interested in finding out how I can set up Acegi Security to support a role hierarchy. You mentioned in #1 below that Acegi Security can be configured to do that. Could you point me in the right direction by letting me know which documentation I can read to configure my application that way? Do you know of any sample applications demonstrating this functionality?

Thanks in advance for your help,
Pat

Patricia Guimaraes
Principal Software Engineer
Gene Logic Inc.
50 West Watkins Mill Road
Gaithersburg, MD 20878
Phone: (240) 631-7450
Fax: (240) 364-7599
Email: [EMAIL PROTECTED]

Mailing Address/Corporate Headquarters
610 Professional Drive
Gaithersburg, MD 20879

Shi Lei [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/04/2007 11:40 PM
Please respond to: acegisecurity-developer@lists.sourceforge.net
To: acegisecurity-developer@lists.sourceforge.net
cc:
Subject: Re: [Acegisecurity-developer] Can acegi do these?

hi, tedzo

1. yes, but you need to configure it yourself
2. take a look at Acegi Reference chapter 20.4
3. Acegi protects methods (for example, methods related to your assets) and domain objects; take a look at chapters 21 and 22 as well as acegi-security-sample-contacts

Re: [Acegisecurity-developer] Can acegi do these?
hi, Pat

That's my fault. What I mean is that you can define specific roles for your application. But take a look at this:
http://opensource.atlassian.com/projects/spring/browse/SEC-232

I believe someone has already done a lot of work in this field.

Regards,
Shi

On 9/11/07, [EMAIL PROTECTED] wrote:

Hi Shi,

I am *very* interested in finding out how I can set up Acegi Security to support a role hierarchy. You mentioned in #1 below that Acegi Security can be configured to do that. Could you point me in the right direction by letting me know which documentation I can read to configure my application that way? Do you know of any sample applications demonstrating this functionality?

Thanks in advance for your help,
Pat

Re: [Acegisecurity-developer] Can acegi do these?
Shi,

Thank you for your response. I have been reading the reference manual now.

About your response #3 below, I am not sure I understand what you mean. I am trying to list out all the assets that a user has access to and I am not certain how protecting a method or object might help. I guess I am trying to find out if it is possible with acegi to do a kind of dry run for a given user in order to find out which assets are accessible by a user without actually accessing them (and getting hit by an accessDenied exception). Does what I am trying to convey make sense?

Thanks,
An

----- Original Message -----
From: Shi Lei [EMAIL PROTECTED]
To: acegisecurity-developer@lists.sourceforge.net
Sent: Tuesday, September 4, 2007 8:40:54 PM
Subject: Re: [Acegisecurity-developer] Can acegi do these?

hi, tedzo

1. yes, but you need to configure it yourself
2. take a look at Acegi Reference chapter 20.4
3. Acegi protects methods (for example, methods related to your assets) and domain objects; take a look at chapters 21 and 22 as well as acegi-security-sample-contacts

Re: [Acegisecurity-developer] Can acegi do these?
OK, let me put it another way. Acegi cannot do what you say in #3. But if you really want to fulfill this function, try to build a database table of all the assets manually, then you can list them, and use Acegi to protect your domain object of this table for every single user, not limited to a specific user role.

On 9/7/07, tedzo [EMAIL PROTECTED] wrote:

Shi,

Thank you for your response. I have been reading the reference manual now.

About your response #3 below, I am not sure I understand what you mean. I am trying to list out all the assets that a user has access to and I am not certain how protecting a method or object might help. I guess I am trying to find out if it is possible with acegi to do a kind of dry run for a given user in order to find out which assets are accessible by a user without actually accessing them (and getting hit by an accessDenied exception). Does what I am trying to convey make sense?

Thanks,
An

Re: [Acegisecurity-developer] Can acegi do these?
One other point:

It appears that Acegi throws an exception when authorization fails. I was wondering if that might not become expensive if one has to protect a large number of assets (if I need to figure out which of, say, 1000 files a user has access to. That will be like 1000 exceptions thrown if the user has access to none of them?)

Thanks.

----- Original Message -----
From: tedzo [EMAIL PROTECTED]
To: acegisecurity-developer@lists.sourceforge.net
Sent: Tuesday, September 4, 2007 12:51:36 PM
Subject: [Acegisecurity-developer] Can acegi do these?

Hello,

I am trying to figure out if acegi is the right framework to use for our requirements. Some of our requirements are as follows:

1. Allow me to define roles that are specific to my application AND that are hierarchical. For example, ROLE_VIEWER, ROLE_WRITER, ROLE_CREATOR, ROLE_SUPER where VIEWER can only view, WRITER can view AND write, CREATOR can view, write AND create and SUPER can do everything including delete. Can I define such a hierarchy? Will acegi automatically handle the hierarchy for me?

2. It seems that acegi handles access to web pages as a whole, meaning, I can authorize (or not) a user attempting to view somepage.jsp, for example. However, let's say somepage.jsp contains a visual element, say a button, that needs to be displayed (or enabled) only to users with CREATOR and SUPER roles. Can I implement such a mechanism with acegi? Basically that would mean I should be able to provide a user's credentials and required access right for a given asset and acegi has to respond with a yes/no response of some sort.

3. Can acegi provide me with a list of all protected assets (say files) that a user has access to? Meaning, let's say I have files that need to be protected such that some may be handled by a user with VIEWER role while others require the user to have other roles. A user with WRITER role logs in and I want to present a list of assets available for him/her to handle. Can I somehow query acegi for such a list?

Thank you for your time.
An

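The role hierarchy from question 1 and the exception-free "dry run" asked about in this thread, as an added example that is not part of any poster's message and is not Acegi code. It is plain Java with no Acegi classes; the class, method and file names are hypothetical, and the constructed asset map stands in for the database table of assets suggested in the thread.

```java
import java.util.*;

public class RoleHierarchyDryRun {

    // Senior role -> roles it directly includes, using the roles from the thread.
    static final Map<String, List<String>> INCLUDES = new HashMap<>();
    static {
        INCLUDES.put("ROLE_SUPER", Arrays.asList("ROLE_CREATOR"));
        INCLUDES.put("ROLE_CREATOR", Arrays.asList("ROLE_WRITER"));
        INCLUDES.put("ROLE_WRITER", Arrays.asList("ROLE_VIEWER"));
    }

    // Expand the roles a user was granted to every role reachable through
    // the hierarchy. The visited check makes a misconfigured cycle
    // (A includes B, B includes A) terminate instead of looping forever.
    static Set<String> reachableRoles(Collection<String> granted) {
        Set<String> reachable = new LinkedHashSet<>();
        Deque<String> pending = new ArrayDeque<>(granted);
        while (!pending.isEmpty()) {
            String role = pending.pop();
            if (reachable.add(role)) {
                pending.addAll(INCLUDES.getOrDefault(role, Collections.emptyList()));
            }
        }
        return reachable;
    }

    // Yes/no decision with no exception on denial. An asset with no
    // required role on record is denied (deny by default).
    static boolean isAllowed(Set<String> reachable, String requiredRole) {
        return requiredRole != null && reachable.contains(requiredRole);
    }

    // The "dry run": walk the asset table and keep what the user may handle.
    // The hierarchy is expanded once, so 1000 assets cost 1000 set lookups
    // and zero thrown exceptions. This only builds the list shown to the
    // user; each real access must still pass the enforcing check.
    static List<String> accessibleAssets(Collection<String> granted,
                                         Map<String, String> requiredRoleByAsset) {
        Set<String> reachable = reachableRoles(granted);
        List<String> visible = new ArrayList<>();
        for (Map.Entry<String, String> entry : requiredRoleByAsset.entrySet()) {
            if (isAllowed(reachable, entry.getValue())) {
                visible.add(entry.getKey());
            }
        }
        return visible;
    }

    public static void main(String[] args) {
        // Constructed sample data: asset name -> role required to handle it.
        Map<String, String> assets = new LinkedHashMap<>();
        assets.put("readme.txt", "ROLE_VIEWER");
        assets.put("draft.doc", "ROLE_WRITER");
        assets.put("template.xml", "ROLE_CREATOR");
        assets.put("purge.log", "ROLE_SUPER");
        assets.put("unclassified.bin", null); // no rule recorded: denied to everyone

        for (String role : Arrays.asList("ROLE_VIEWER", "ROLE_WRITER", "ROLE_SUPER")) {
            List<String> granted = Collections.singletonList(role);
            System.out.println(role + " -> " + accessibleAssets(granted, assets));
        }

        // The same boolean check answers question 2 (show a button only to
        // CREATOR and above) for a user who was granted ROLE_WRITER.
        Set<String> writer = reachableRoles(Collections.singletonList("ROLE_WRITER"));
        System.out.println("show create button: " + isAllowed(writer, "ROLE_CREATOR"));
    }
}
```
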
Re: [Acegisecurity-developer] Can acegi do these?
hi, tedzo

1. yes, but you need to configure it yourself
2. take a look at Acegi Reference chapter 20.4
3. Acegi protects methods (for example, methods related to your assets) and domain objects; take a look at chapters 21 and 22 as well as acegi-security-sample-contacts

On 9/5/07, tedzo [EMAIL PROTECTED] wrote:

Hello,

I am trying to figure out if acegi is the right framework to use for our requirements. Some of our requirements are as follows:

1. Allow me to define roles that are specific to my application AND that are hierarchical. For example, ROLE_VIEWER, ROLE_WRITER, ROLE_CREATOR, ROLE_SUPER where VIEWER can only view, WRITER can view AND write, CREATOR can view, write AND create and SUPER can do everything including delete. Can I define such a hierarchy? Will acegi automatically handle the hierarchy for me?

2. It seems that acegi handles access to web pages as a whole, meaning, I can authorize (or not) a user attempting to view somepage.jsp, for example. However, let's say somepage.jsp contains a visual element, say a button, that needs to be displayed (or enabled) only to users with CREATOR and SUPER roles. Can I implement such a mechanism with acegi? Basically that would mean I should be able to provide a user's credentials and required access right for a given asset and acegi has to respond with a yes/no response of some sort.

3. Can acegi provide me with a list of all protected assets (say files) that a user has access to? Meaning, let's say I have files that need to be protected such that some may be handled by a user with VIEWER role while others require the user to have other roles. A user with WRITER role logs in and I want to present a list of assets available for him/her to handle. Can I somehow query acegi for such a list?

Thank you for your time.
An