Martin,

I think that you may be able to do everything you need by using the Turbine adapter for Fulcrum Security[1], and implementing your own "Model" where the only entity you have is a User. There are currently 3 different models; however, you would need to implement your own, which isn't a big deal.[2] Lastly, since you have your own custom scheme for dealing with passwords, you'll need to implement your own authenticator[3].

With Hibernate, you can map in the hbm mapping files from the columns in your existing database tables to whatever the objects are that you generate for your "SuperSimple" model!

Yes, we hope to get rid of some of the Torque specific stuff in the API! If you use the Turbine adapter, you inherit a lot of that stuff, but it runs in the 2.3 environment. If you use Fulcrum Security directly, then all of that stuff is gone. Hopefully in 2.4/2.5 that stuff will be finally removed. There has been work/discussion on a PipelineData object that would be more generic to replace some of the specifics in RunData.

Eric Pugh

[1] http://jakarta.apache.org/turbine/fulcrum/fulcrum-security-adapter-turbine/index.html
[2] http://jakarta.apache.org/turbine/fulcrum/fulcrum-security-site/index.html
[3] http://jakarta.apache.org/turbine/fulcrum/fulcrum-security-site/authenticators.html

> -----Original Message-----
> From: Martin Stolz [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 09, 2004 3:11 PM
> To: Turbine Users List
> Subject: I need simple Access Control (Security) with Turbine without
> ACL's or Roles, how to do?
>
>
> Hi all,
>
> I have been thinking about this for a while and now I will ask, I am not
> sure that I will be on the right way. I have an Oracle Database and a
> VERY simple System for User Management:
>
> - Either you are a User, or you are not. You cannot view anything when
> you are no User.
> - You can view everything, when you have a valid username/password
> - Passwords are hashed using self-employed (weak) String encryption
> (don't blame me, I am NOT responsible for this)
> - The Table storing this information just has the Fields ID, username,
> Password and nothing else.
> - I don't want to lose the Session Handling and User Objects associated
> with the RunData.
> - I can not create ANY tables or stuff in the Database Schema. It just
> stays like it is now.
>
> How would this translate into Turbine 2.3?
> I am not using Torque (at
> least I try not to use it) but Hibernate. I have been looking for a
> simple Solution and there are two ways, both of them have some
> Advantages and Disadvantages:
>
> 1) Implement my own Screen that checks for my simple Security and
> otherwise redirects to login page. I am not sure how I would preserve
> the session handling (eg. data.getUser().setTemp() is necessary...)
> with this solution. Would it be enough to just override the UserManager?
> But it will not work without Torque, would it? Or is it ok to just set
> the User in the RunData? But I will have an implementation of User that
> will also have some methods not implemented.
>
> 2) Go for it and implement the SecurityService, ACL, UserManager and
> User-Objects for myself. (Un)fortunately, this means writing a real lot
> of Methods that throw RuntimeExceptions, because they are not
> implemented. Ok, they are never called, but this is not good style. The
> API is designed for an ACL-based Role System, I know. I only have one
> Role, a User. Either you are a User or you aren't. But I cannot store
> even this role anywhere and just override the checkPassword() with my
> check. I don't want to create any new Tables.
>
> What should I do? I've tried finding information on this one, but I was
> not successful. Maybe I am the only one having this sort of problem...?
>
> One general remark: I know Turbine and Torque were married a while ago,
> now they are divorced, but good friends. Is it planned to remove the
> References of Criteria and other Torque Stuff from the ACL API and
> implementation? Maybe make this Part more general? It's just something I
> stumbled upon.
>
> Thank you very much for your answers.
>
> Best Regards,
>
> martin
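
A sketch of the custom-authenticator idea from the reply above, as an added example that is not part of the original thread and not Fulcrum's or Turbine's own code. `SimpleUser`, `SimpleAuthenticator` and `LegacyAuthenticator` are hypothetical names, and `legacyEncode` is a constructed placeholder for the site's existing password transform, which the thread does not describe.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

public class LegacyAuthExample {

    // The only entity in the single-user model: mirrors the ID/username/Password table.
    record SimpleUser(long id, String username, String storedPassword) {}

    // Local stand-in (assumption) for an authenticator contract; not Fulcrum's interface.
    interface SimpleAuthenticator {
        boolean authenticate(SimpleUser user, String password);
    }

    // Placeholder for the existing legacy transform (constructed: reverses the string).
    static String legacyEncode(String clear) {
        return new StringBuilder(clear).reverse().toString();
    }

    static class LegacyAuthenticator implements SimpleAuthenticator {
        @Override
        public boolean authenticate(SimpleUser user, String password) {
            // Unknown user or missing input is simply "not a user": no roles, no ACL.
            if (user == null || user.storedPassword() == null
                    || password == null || password.isEmpty()) {
                return false;
            }
            byte[] expected = user.storedPassword().getBytes(StandardCharsets.UTF_8);
            byte[] actual = legacyEncode(password).getBytes(StandardCharsets.UTF_8);
            // Constant-time comparison so the check does not reveal how many bytes matched.
            return MessageDigest.isEqual(expected, actual);
        }
    }

    public static void main(String[] args) {
        // Constructed sample row standing in for the existing, unchanged table.
        Map<String, SimpleUser> table = Map.of(
                "martin", new SimpleUser(1L, "martin", legacyEncode("s3cret")));
        SimpleAuthenticator auth = new LegacyAuthenticator();
        System.out.println(auth.authenticate(table.get("martin"), "s3cret"));
        System.out.println(auth.authenticate(table.get("martin"), "wrong"));
        System.out.println(auth.authenticate(table.get("nobody"), "s3cret"));
    }
}
```

Keeping the legacy transform behind one method means the weak scheme can later be replaced in a single place without touching the login flow.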
