Re: [Acegisecurity-developer] MSc Thesis on middle tier security

2004-12-31 Thread Ben Alex
Sergio Berna wrote:
> Andy,
> I agree that filtering the method response is a fascinating area. The only
> problem I have always found on filtering a method response is that it
> doesn't scale properly when performance is an issue. I'm particularly
> thinking on Collections here, where the full collection check for
> permissions would degrade performance on big enough collections.
> Maybe providing intelligent collections and Iterators that perform the
> security check when accessed could be a wiser approach for that area (like
> Hibernate for lazy load modification). That would imply that a response
> from a method would be a proxy on the original object that enforces all
> the security restrictions specified.
 

A generated object wrapper for collections and POJOs that enforces 
security would be an interesting extension. The necessary hook to add 
the wrapper is already provided via the AfterInvocationManager. An 
alternative approach would be to use AspectWerkz, rather than something 
like CGLIB. The nice thing about AspectWerkz is a suitable 
AbstractSecurityInterceptor subclass could also be written that enforces 
security on domain object instances.

In terms of performance, I would never advocate running the existing 
ACL-based AfterInvocationProviders against large Collections, because 
not only is there a performance issue at a JVM level to iterate every 
Collection element, but far more importantly there is the JDBC cost of 
obtaining the AclEntry[]s from the AclManager. Whilst they do get 
cached, the AclEntry[]s obviously need to come from the database at some 
point.

This Collection size issue reminds me of someone who was looking for a 
solution to paginating their Collection results, where the 
AfterInvocationManager may remove elements. They wanted to ensure the 
page size was always honoured, even if certain elements were removed due 
to security. A solution I think was suggested was to retrieve more 
elements than needed, knowing the AfterInvocationManager would likely 
remove some of them. I think an alternative was to use a utility class 
on the client-side, to recall the relevant method repeatedly until the 
required Collection size is received. A more elegant approach to this 
problem might be considered in any improvements to the existing 
AfterInvocationProviders, or any new implementations thereof.

Ben
---
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost http://www.thinkgeek.com/sfshirt
___
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
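
The over-fetch and re-call idea from the message above, as an added example (not Acegi code and not from the thread). `SecuredPager`, the `fetch` function and the `permitted` predicate are hypothetical stand-ins for the data source and for the ACL decision an AfterInvocationProvider would make; records need Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.BiFunction;
import java.util.function.Predicate;

/** Hypothetical helper: fills a page with permitted elements only. */
public class SecuredPager {

    /** One page plus the raw offset to resume from; -1 means the source is exhausted. */
    public record Page<T>(List<T> items, int nextOffset) {}

    public static <T> Page<T> fill(BiFunction<Integer, Integer, List<T>> fetch, // (offset, limit) -> raw rows
                                   Predicate<T> permitted,                       // stand-in for the ACL check
                                   int offset, int pageSize) {
        if (pageSize <= 0) throw new IllegalArgumentException("pageSize must be positive");
        List<T> page = new ArrayList<>();
        int chunk = pageSize * 2;                 // over-fetch, expecting some rows to be removed
        while (true) {
            List<T> raw = fetch.apply(offset, chunk);
            for (int i = 0; i < raw.size(); i++) {
                if (permitted.test(raw.get(i))) {
                    page.add(raw.get(i));
                    if (page.size() == pageSize) {
                        // Resume after the last row consumed, not after the chunk,
                        // so the next page neither skips nor repeats rows.
                        return new Page<>(page, offset + i + 1);
                    }
                }
            }
            if (raw.size() < chunk) {
                return new Page<>(page, -1);      // short read: nothing left to fetch
            }
            offset += raw.size();
        }
    }

    public static void main(String[] args) {
        // Constructed data: ids 0..19; this caller may only see even ids.
        BiFunction<Integer, Integer, List<Integer>> fetch = (off, lim) -> {
            List<Integer> rows = new ArrayList<>();
            for (int id = off; id < Math.min(off + lim, 20); id++) rows.add(id);
            return rows;
        };
        Page<Integer> first = fill(fetch, id -> id % 2 == 0, 0, 5);
        System.out.println(first);
        System.out.println(fill(fetch, id -> id % 2 == 0, first.nextOffset(), 5));
    }
}
```

A raw `nextOffset` handed to the client shows how many rows were skipped by the permission check; keeping it server-side or wrapping it in an opaque cursor avoids that leak.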


Re: [Acegisecurity-developer] MSc Thesis on middle tier security

2004-12-30 Thread Ben Alex
Vladimir Horev wrote:
> Hello list!
> I'm planning to write an MSc thesis on the subject of business tier
> security. My idea was to take part of some open source project (acegi)
> and develop some component that I could use in my thesis. Could you
> recommend me something on that?
>
> regards, Vladimir

Hi Vladimir
What exactly would you like to write? A sample application, an 
extension, something else?

There's no shortage of extensions you could write to the security 
framework if that was your interest. Did you have a particular area you 
wanted to focus on? I sent an email to the list yesterday with some 
simple features we'd like to add, but there are also some more complex 
areas you might like to consider such as adding additional single sign on 
systems, enabling client certificate authentication, and digitally 
signing change reports (in a browser window) etc.

Best regards
Ben



Re: [Acegisecurity-developer] MSc Thesis on middle tier security

2004-12-30 Thread Andy Depue
The new model object filtering is a fascinating area in my mind.  One thing 
we've implemented (before Acegi had its own filtering) is the ability to 
filter down to the property level on an object.  In other words, you can 
secure a specific property and if someone doesn't have clearance then the 
property will be cleared.  This introduces all sorts of interesting problems 
in some scenarios.  For example, in our case the value objects passed back 
and forth between clients and server side services double as our Hibernate 
data object model.  In other words, we don't have separate value objects but 
instead use a single data object model for both data access and service 
invocation.  This gets quite tricky when you combine it with property level 
filtering.  Imagine a service method that returns a model object with several 
properties filtered out.  The user then makes some changes to the object and 
sends it back in another service call to be updated.  What the user sends 
back to the server is a partial object in that some of the properties are 
blank since they were secured from the client to begin with.  If you 
persisted the object as-is, then Hibernate would blindly write those cleared 
property values back to the DB - very bad.  Oh, and don't forget that some 
properties could be secured for a particular client so that they are 
read-only or even write-only.  And don't forget to throw a security exception 
if the client tries to pass a value in a non-writeable field.  And then 
there's recursive data structures to contend with... property values that are 
themselves collections of securable objects... and if you filtered a 
collection of securable objects from a property, and the client returns that 
object to the server to be updated, how do you determine if the client 
legitimately removed an object from the collection, or if the object was 
filtered due to security?  You wouldn't want to have Hibernate persist the 
collection as-is, or it would remove from the DB objects that were only 
filtered for security reasons.  Fun stuff, eh?

  - Andy


On Thursday 30 December 2004 01:49 pm, Vladimir Horev wrote:
> Hello list!
>
> I'm planning to write an MSc thesis on the subject of business tier
> security. My idea was to take part of some open source project (acegi)
> and develop some component that I could use in my thesis. Could you
> recommend me something on that?
>
> regards, Vladimir


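
The write-back problem described in the message above, as an added example (not Acegi or Hibernate code and not from the thread). `FilteredMerge`, the `Access` enum and the map-based property model are hypothetical; the example assumes filtered properties arrive as `null` and that collection elements are identified by a `Long` id.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/** Hypothetical merge step for objects that were property-filtered on the way out. */
public class FilteredMerge {
    public enum Access { NONE, READ_ONLY, WRITE_ONLY, READ_WRITE }

    /** Copies client changes onto the stored state, honouring per-property access. */
    public static Map<String, Object> merge(Map<String, Object> persistent,
            Map<String, Object> fromClient, Map<String, Access> access) {
        Map<String, Object> result = new HashMap<>(persistent);
        for (String prop : persistent.keySet()) {   // unknown client keys are ignored
            Access a = access.getOrDefault(prop, Access.NONE);   // default deny
            Object sent = fromClient.get(prop);
            boolean readable = a == Access.READ_ONLY || a == Access.READ_WRITE;
            boolean writable = a == Access.WRITE_ONLY || a == Access.READ_WRITE;
            if (writable) {
                // Write-only values were cleared on the way out, so null means "no change".
                if (readable || sent != null) result.put(prop, sent);
            } else if (readable ? !Objects.equals(sent, persistent.get(prop)) : sent != null) {
                throw new SecurityException("not writable: " + prop);
            }
            // Otherwise the stored value stays: a cleared property is never written back.
        }
        return result;
    }
    /** Ids to delete: only those the client was shown and then left out. */
    public static Set<Long> removedByClient(Set<Long> shown, Set<Long> returned) {
        if (!shown.containsAll(returned)) {
            throw new SecurityException("client returned an element it was never shown");
        }
        Set<Long> removed = new HashSet<>(shown);
        removed.removeAll(returned);
        return removed;   // elements hidden by filtering are absent here and survive
    }

    public static void main(String[] args) {
        // Constructed sample: salary is hidden from this caller, title is editable.
        Map<String, Object> stored = Map.of("title", "Engineer", "salary", 90000);
        Map<String, Object> sent = new HashMap<>();
        sent.put("title", "Senior Engineer");
        sent.put("salary", null);                 // cleared by the outbound filter
        System.out.println(merge(stored, sent, Map.of("title", Access.READ_WRITE)));
        System.out.println(removedByClient(Set.of(1L, 2L), Set.of(2L)));
    }
}
```

The `shown` set and the `access` map have to be recomputed or kept on the server for the current caller; taking either from the request would let the client decide what it may overwrite or delete.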