Thank you very much for the reply, Chris and Dave. I think to disable the whole security mechanism of slide is not suitable for us because that means we have to implement all those useful security functions of slide by ourselves, like the privilege inheritance. To change the store layer might work for us. We can keep the slide mechanism and add some more of our own in there. We will have a try of this. Thanks a lot. regards, Jun
"Tauzell, Dave" <[EMAIL PROTECTED]> wrote: We created our own Store objects. We basically copied the JDBC* classes and just added in our own security checks. This isn't very elegant but it works and allows tight integration with our existing security system. -Dave -----Original Message----- From: Chris O'Connell [mailto:[EMAIL PROTECTED] Sent: Monday, December 20, 2004 2:05 PM To: Slide Users Mailing List Subject: RE: Using external privilege control Gao, The simple solution we are using to this problem is to just turn off the Slide authentication. Just comment out all the stuff in the web.xml that has your container checking for user info. Slide will consider the user to be 'unauthenticated'. If you set up your Slide permissions so that 'unauthenticated' user can perform reads and writes (actually, I don't think you need to do anything to make this happen) you will be good to go. We are toying with the idea of setting a userID as the 'comment' property (for example) so that we know which user did what to each item in the store. Note, if you do this, your store is wide open. We are going to use IP filtering so that we will only accept requests to the Slide application from our own data center. Depending on the contents you are storing, this may not be good enough for you. We are storing images and .wav files, so it isn't such a big deal. Chris -----Original Message----- From: Gao Jun [mailto:[EMAIL PROTECTED] Sent: Monday, December 20, 2004 12:33 AM To: [EMAIL PROTECTED] Subject: Using external privilege control Hi, We are using Slide in our application, as the content management module. Now we are trying to achieve integration of privilege management between Slide and our system's other parts: Our system has its own privilge and role management module. We want to do this, if a user is having some privilege in our system, like "MANAGE_DOCUMENT", then we will allow this user to be able to access (read and write) any documents in slide, without checking his/her privilege in Slide. I'd like to get some suggestion from all of you. What's the best stratege to do this? What part of code in Slide should be modified to achieve this? Thanks a lot. regards, Jun --------------------------------- Do you Yahoo!? All your favorites on one personal page - Try My Yahoo! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Do you Yahoo!? Meet the all-new My Yahoo! � Try it today!
