Are you saying that customers will buy your web based application,
install it locally and then use it from there? Like Jira?
If that is the case then you will want to use some form of compiled
licensing mechanism rather than a Spring Security config file. You
are correct. A customer could edit the Spring file in order to gain
access to the areas they don't belong.
You could make different downloads based on the customer level. If
you have to deploy all the code and then just "enable" it with a
different license then you will need some kind of interceptor that
looks for a license file and then allows or disallows the feature.
That would be separate from Acegi.
I am not sure where portlets came from. You will locally install a
portal container and then deploy your application as the portal's only
app via portlets?
On Aug 21, 2008, at 12:55 AM, emmettwalsh wrote:
Hi,
Im trying to built an appfuse application that will contain many sub
applications, Thes applications would be accessed through various
menus as
normal.
i.e. So Depending on a users role (e.g. SILVER_USER, GOLD_USER ) I
can stop
them from accessing some of the sub application menus using Acegi
which is
good.
My problem is that I want to deploy the application locally at each
customer
site. Although the chances would be small, it would therefore be
possible
for a customer
to tweak the menu config file or the database to get around security
and
access the parts of the application that they havent paid for.
Can anyone see a clean solution to this. Maybe appfuse isnt suitable
and
maybe I should be looking at portlets ?
thanks
--
View this message in context:
http://www.nabble.com/Securing-applications-modules-in-Appfuse-tp19084179s2369p19084179.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
