On 21-09-2008 at 17:42, Nathan Maves wrote:
> After reading both articles on the site and the security chapter in the
> upcoming book I am still questioning what the best practice is for roles
> based authentication.
>
> I am looking for a good way to make roles based decisions inside of an
> actions execution method.

There is really no "best" practice for using roles for access decisions.
There are, however, several good practices that I know of:

1. Use declarative access control where possible.

The stripes-security plugin that Freddy mentioned helps to bring declarative
role based security to Stripes. In addition, it has a SecurityManager that
allows you to conditionally apply roles. For example, editing a project
record may be restricted to:
a. all users with the role "EditProject"
b. all project members that have the role "EditProjectAsMember"

In this example, case a is classic role based authorization, while case b
restricts the role based on the relationship between the project and the user.

2. Use instance based access controls where declarative, role based access
controls are not sufficient.

Also known as ACLs or permission based access controls, this type of access
control is most often implemented in code near the business logic. Some
frameworks exist, like Spring Security (formerly called Acegi).

You can also implement this using the stripes-security plugin in combination
with your own annotations or other design (making it declarative as well).
For that you'd have to implement your own SecurityManager. This is probably
not for you though, as you mentioned you want roles based authentication.

Oscar
--
,-_ Progress is made by lazy men looking for easier ways to do
/() ) things.
(__ (
=/ () -- Robert Heinlein
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
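
The project example from the reply above (cases a and b), as an added plain-Java example that is not part of the original message and does not use the stripes-security API. The `Allowed` annotation, the `hasRole` and `isAllowed` helpers, and the rule that a role ending in "AsMember" only counts for project members are assumptions made for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ProjectAccessDemo {
    // Hypothetical annotation: the roles that may invoke a handler.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface Allowed { String[] value(); }

    record User(String name, Set<String> roles) {}
    record Project(String title, Set<String> members) {}

    // The handler carries its access policy declaratively; the body stays free of checks.
    @Allowed({"EditProject", "EditProjectAsMember"})
    static void edit(Project p) { /* business logic would go here */ }

    // Conditional role (assumed convention): a role ending in "AsMember"
    // is honoured only when the user is a member of this project.
    static boolean hasRole(User u, Project p, String role) {
        if (!u.roles().contains(role)) return false;
        return !role.endsWith("AsMember") || p.members().contains(u.name());
    }

    // Deny by default: an unannotated handler or no matching role means no access.
    static boolean isAllowed(User u, Project p, Method handler) {
        Allowed policy = handler.getAnnotation(Allowed.class);
        if (policy == null) return false;
        for (String role : policy.value()) {
            if (hasRole(u, p, role)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        Method edit = ProjectAccessDemo.class.getDeclaredMethod("edit", Project.class);
        Project project = new Project("stripes", Set.of("bob", "dave"));
        // Constructed sample users covering case a, case b, and two denials.
        List<User> users = List.of(
            new User("alice", Set.of("EditProject")),          // case a: plain role
            new User("bob", Set.of("EditProjectAsMember")),    // case b: role + membership
            new User("carol", Set.of("EditProjectAsMember")),  // role but not a member
            new User("dave", Set.of()));                       // member but no role
        for (User u : users) {
            System.out.println(u.name() + " may edit: " + isAllowed(u, project, edit));
        }
    }
}
```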