Dave, We have found a problem in doing this - how to handle the cache. Now we can modify the JDBC classes and add some of our own ACL list. However, when those privileges are revoked in our system (outside of Slide), they are still existing in the cache, so slide will still take them as valid privileges. How do you solve this problem? How to synchronize the cache with the DB? Thanks in advance. regards, Jun
"Tauzell, Dave" <[EMAIL PROTECTED]> wrote: We created our own Store objects. We basically copied the JDBC* classes and just added in our own security checks. This isn't very elegant but it works and allows tight integration with our existing security system. -Dave -----Original Message----- From: Chris O'Connell [mailto:[EMAIL PROTECTED] Sent: Monday, December 20, 2004 2:05 PM To: Slide Users Mailing List Subject: RE: Using external privilege control Gao, The simple solution we are using to this problem is to just turn off the Slide authentication. Just comment out all the stuff in the web.xml that has your container checking for user info. Slide will consider the user to be 'unauthenticated'. If you set up your Slide permissions so that 'unauthenticated' user can perform reads and writes (actually, I don't think you need to do anything to make this happen) you will be good to go. We are toying with the idea of setting a userID as the 'comment' property (for example) so that we know which user did what to each item in the store. Note, if you do this, your store is wide open. We are going to use IP filtering so that we will only accept requests to the Slide application from our own data center. Depending on the contents you are storing, this may not be good enough for you. We are storing images and .wav files, so it isn't such a big deal. Chris -----Original Message----- From: Gao Jun [mailto:[EMAIL PROTECTED] Sent: Monday, December 20, 2004 12:33 AM To: [EMAIL PROTECTED] Subject: Using external privilege control Hi, We are using Slide in our application, as the content management module. Now we are trying to achieve integration of privilege management between Slide and our system's other parts: Our system has its own privilge and role management module. We want to do this, if a user is having some privilege in our system, like "MANAGE_DOCUMENT", then we will allow this user to be able to access (read and write) any documents in slide, without checking his/her privilege in Slide. I'd like to get some suggestion from all of you. What's the best stratege to do this? What part of code in Slide should be modified to achieve this? Thanks a lot. regards, Jun --------------------------------- Do you Yahoo!? All your favorites on one personal page - Try My Yahoo! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. Learn more.
