Zsolt, Right now the backend implementations are pretty minimal. You can look up information from JDBC via Hibernate, or from in Memory, or look up some types of information from NT.
The code that was recently committed into CVS is the last major refactoring before 1.0. I have been using it on a couple projects very successfully. It is basically a major refactoring of the code in Turbine for security, so it has been around for a while. The approach to take is to check out the fulcrum code from CVS. A pain, I know, but we aren't quite yet to a 1.0. If you then run the build, you will execute a bunch of unit tests. Those tests are the best examples, they demonstration removing/granting rights, adding/deleting entities, etc.. They also demonstate the adapters for hooking into opensymphony and turbine projects. Eric Pugh > -----Original Message----- > From: Zsolt Koppany [mailto:[EMAIL PROTECTED] > Sent: Saturday, December 06, 2003 8:15 AM > To: Turbine Users List > Subject: RE: hibernate security service... > > > Hi, > > does it mean that there is a security API that works with > JDBC and it can be > used immediately? Does it depend on other packages? I need a > solution to > start immediately. Do have some sample applications? How can I get the > software? > > Zsolt > > > -----Original Message----- > > From: Humberto Hernandez Torres [mailto:[EMAIL PROTECTED] > > Sent: Saturday, December 06, 2003 1:06 AM > > To: Turbine Users List > > Subject: RE: hibernate security service... > > > > > > OK. I will find some time this weekend. > > -- > > Humberto > > > > > -----Original Message----- > > > From: Eric Pugh [mailto:[EMAIL PROTECTED] > > > Sent: Friday, December 05, 2003 5:51 PM > > > To: 'Turbine Users List' > > > Subject: RE: hibernate security service... > > > > > > > > > The code is committed. However, due to maven reactor leaking > > > memory, I > > > couldn't update the site yet. So download the code from cvs > > > and run the > > > build. As soon as I can figure out how to get the > > > multiproject site build > > > to work, I'll update it.. (I think I need to remove some of > > > the reports). > > > > > > At any rate, if you have a problem building, please let me know... > > > Eric > > > > > > > -----Original Message----- > > > > From: Eric Pugh [mailto:[EMAIL PROTECTED] > > > > Sent: Friday, December 05, 2003 8:52 PM > > > > To: 'Turbine Users List' > > > > Subject: RE: hibernate security service... > > > > > > > > > > > > I will go ahead and commit the code tonight so you can see it... > > > > > > > > > -----Original Message----- > > > > > From: Humberto Hernandez Torres > [mailto:[EMAIL PROTECTED] > > > > > Sent: Friday, December 05, 2003 8:09 PM > > > > > To: Turbine Users List > > > > > Subject: RE: hibernate security service... > > > > > > > > > > > > > > > I've had the idea of a JDBC Security Service for a while to > > > > > avoid depending > > > > > on Torque or Hibernate. I know that if don't implement it > > > > > myself it will > > > > > remain just an idea. > > > > > > > > > > I will certanly like to see what you are doing. > > > > > > > > > > -- > > > > > Hyumberto > > > > > > > > > > > -----Original Message----- > > > > > > From: Eric Pugh [mailto:[EMAIL PROTECTED] > > > > > > Sent: Friday, December 05, 2003 11:52 AM > > > > > > To: 'Turbine Users List' > > > > > > Subject: RE: hibernate security service... > > > > > > > > > > > > > > > > > > You could very easily roll one.. A lot of my thinking on > > > > > > the Security > > > > > > Service came out of working and writing unit tests for > > > OSWorkflow. > > > > > > OSWorkflow faces a similar challenge, how to > provide multiple > > > > > > implementations for persisting data. There are > > > > > > jdbc,ojb,hibernate,memory,filestore,ofbiz, ejb etc > > > > implementations. > > > > > > > > > > > > The problem with the JDBC is that yes, while it is > simpler to > > > > > > start with, > > > > > > and reduces jar numbers, etc, eventually someone comes up > > > > > > with problems with > > > > > > getting a jdbc transaction to participate in a larger > > > > > > transaction. Or they > > > > > > want caching. That is where using the Hibernate > (or other ORM) > > > > > > implementation starts to payoff. > > > > > > > > > > > > I have been refactoring madly the security code based on > > > > > > seeing some best > > > > > > practices for writing merlin components. The current code > > > > > > base that I am > > > > > > going to give one last review to is composed of multiple > > > > > > projects that helps > > > > > > deliniate which dependencies are required. > Currently they are: > > > > > > /api What the application sees. > > > > > > /spi Helper classes that > > > > > > implementations can leverage. Not yet a "true" > > > > > > SPI, but getting there. > > > > > > /mememory A memroy based implementation > > > > > > that gets you started quickly. > > > > > > Useful in unit testing or doing examples.. > > > > > > /hibernate A hibernate based > > > > > > implementation. The unit tests currently > > > > > > interact with a McKOI in memory database! > > > > > > /nt An NT based implementation. > > > > > > Looks user and group information up from > > > > > > NT. Note: you do need a username and password, it > doesn't use > > > > > > anything like NTLM yet. > > > > > > /adapters/turbine An adapter for fooling Turbine 2.3 > > > > > > based security into > > > > > > delegating to the fulcrum security code. > > > > > > /adapters/opensymphony An adapter that lets OSUser > > > > > delegate calls for > > > > > > authentication to Fulcrum security. > > > > > > > > > > > > At this time I removed the Torque based code. It was > > > > completely un > > > > > > unittested, barely compiled, and not used. If there is a > > > > > > demand for it, > > > > > > then we can add it back in as another project /torque. > > > > > > Additionally, if > > > > > > someone would like to provide a jdbc implementation, that > > > > > > would be great. > > > > > > Look at the OSUser jdbc implementation for ideas. > > > > > > > > > > > > Additionally, in terms of models I have working are: > > > > > > > > > > > > Dynamic Users in groups with roles and > > > > > > permissions > > > > > > Basic Users in groups > > > > > > Turbine Extends Dynamic, adding extra > > > > > > functionality like isAnonymousUser > > > > > > and getGlobalGroup. Otherwise the same as Dynamic. > > > > > > > > > > > > Humberto, since you had the best explanation of the Turbine > > > > > > security model, > > > > > > once I get the code checked in, I would appreciate it if you > > > > > > could review > > > > > > how it works for me. > > > > > > > > > > > > Sincerely, > > > > > > Eric Pugh > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Humberto Hernandez Torres > > > [mailto:[EMAIL PROTECTED] > > > > > > > Sent: Wednesday, November 26, 2003 6:43 PM > > > > > > > To: Turbine Users List > > > > > > > Subject: RE: hibernate security service... > > > > > > > > > > > > > > > > > > > > > I am of the idea, that we should have a generic > JDBC Security > > > > > > > Service that > > > > > > > runs directly on top of JDBC and is independent > of Torque or > > > > > > > Hibernate. It > > > > > > > just seems simpler. > > > > > > > -- > > > > > > > Humberto > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: Eric Pugh [mailto:[EMAIL PROTECTED] > > > > > > > > Sent: Tuesday, November 25, 2003 1:02 PM > > > > > > > > To: 'Turbine Users List' > > > > > > > > Subject: RE: hibernate security service... > > > > > > > > > > > > > > > > > > > > > > > > Gerardo, > > > > > > > > > > > > > > > > there is a bunch coming.. While the current hibernate > > > > > > > > service works well, I > > > > > > > > am in the process of refactoring the project to have: > > > > > > > > > > > > > > > > /api > > > > > > > > /hibernate > > > > > > > > /memory > > > > > > > > /adapters > > > > > > > > /turbine > > > > > > > > /opensymphony > > > > > > > > > > > > > > > > so that you don't get a big bunch of extra > stuff. I am also > > > > > > > > adding a new > > > > > > > > model in called "groups" that basically allows > you to put > > > > > > > > users in multiple > > > > > > > > groups, and groups in multiple groups. But no > "roles" or > > > > > > > > "permissions". I > > > > > > > > will have a hibernate and memory implmentations of that. > > > > > > > > Look for it in > > > > > > > > about two weeks, as I am traveling a bunch.. > > > > > > > > Eric > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > From: Gerardo Segura [mailto:[EMAIL PROTECTED] > > > > > > > > > Sent: Monday, November 24, 2003 6:11 PM > > > > > > > > > To: [EMAIL PROTECTED] > > > > > > > > > Subject: hibernate security service... > > > > > > > > > > > > > > > > > > > > > > > > > > > Hi > > > > > > > > > is there any security service based on hibernate? > > > > > > > > > Or any docs besides the 'Hibernate OM Howto' about > > > > > > > turbine-hibernate > > > > > > > > > stuff? <../howto/hibernate-howto.html> > > > > > > > > > > > > > > > > > > Gerardo > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > To unsubscribe, e-mail: > > > > > > > [EMAIL PROTECTED] > > > > > > > > > For additional commands, e-mail: > > > > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > To unsubscribe, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > > > For additional commands, e-mail: > > > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe, e-mail: > > > > > [EMAIL PROTECTED] > > > > > > > For additional commands, e-mail: > > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: > > > > [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > > > [EMAIL PROTECTED] > > > > > For additional commands, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
