You are viewing a plain text version of this content. The canonical link for it is here.
Posted to taglibs-dev@jakarta.apache.org by for_evg <fo...@infonet.by> on 2001/06/30 16:49:51 UTC
new taglibrary
Hello!
Working at the projects I often come across the problem of users'
information access
and users' possibility restriction conserning their rights. To solve the
problem
I suggest new securitymanager taglibrary. All users are divided into groups.
The list of users' rights is defined for each group. The user's right
describes permission or
prohibition of user's possibilities defined by the problem context.
The data are stored in XML-files or in any of known RDBMS such as Oracle,
Informix and so on.
The library can be "built-in" the existing system with helping its
file-properties.
Most of tags are used for managing administrative project part, but the main
tag is security.
The principle of its activity is:
whether the tag body is ignored or not because of the user's group rights.
In this way user's possibilities are defined in the project.
This is the brief taglibrary description (most of tags are without any
comments cause
their meanings are clear to you from their profiles):
<!ELEMENT security (#PCDATA)>
<!ATTLIST security
right CDATA #REQUIRED
user CDATA #REQUIRED >
<!ELEMENT newuser (field *)>
<!ATTLIST newuser %attruser>
<!ELEMENT edituser (field *)>
<!ATTLIST edituser %attruser>
<!ELEMENT deleteuser EMPTY>
<!ATTLIST deleteuser
id CDATA #REQUIRED>
<!ELEMENT field>
<!ATTLIST field
name CDATA #REQUIRED
value CDATA #IMPLIED>
If users of the taglibrary like to extend data about project users, groups
and right,
they can do it with helping field tag.
<!ELEMENT newgroup (field *)>
<!ATTLIST newgroup
id CDATA #REQUIRED>
<!ELEMENT editgroup (field *)>
<!ATTLIST editgroup
id CDATA #REQUIRED>
<!ELEMENT deletegroup EMPTY>
<!ATTLIST deletegroup
id CDATA #REQUIRED
recursive (yes|no) no >
<!ELEMENT addusertogroup EMPTY>
<!ATTLIST addusertogroup %attrusergroup >
<!ELEMENT deleteuserfromgroup EMPTY>
<!ATTLIST deleteuserfromgroup %attrusergroup >
<!ELEMENT changeusergroup EMPTY>
<!ATTLIST changeusergroup %attrusergroup >
<!ELEMENT newright (field *)>
<!ATTLIST newright
id CDATA #REQUIRED>
<!ELEMENT editright (field *)>
<!ATTLIST editright
id CDATA #REQUIRED>
<!ELEMENT deleteright EMPTY>
<!ATTLIST deleteright
id CDATA #REQUIRED>
<!ELEMENT addrighttogroup EMPTY>
<!ATTLIST addrighttogroup %attrrightgroup >
<!ELEMENT deleterightfromgroup>
<!ATTLIST deleterightfromgroup %attrrightgroup >
<!ELEMENT get EMPTY>
<!ATTLIST get
type %types #REQUIRED
field CDATA #REQUIRED >
The tag is used for getting a list of users, groups, rights.
<!ELEMENT list (getfield *, condition *, next *)>
<!ATTLIST list
type %types #REQUIRED
sort CDATA #IMPLIED >
The tag is used for moving to next record.
<!ELEMENT next EMPTY>
The tag is used for getting current record fields.
<!ELEMENT getfield EMPTY>
<!ATTLIST getfield
name CDATA #REQUIRED
format CDATA #IMPLIED >
description of xml-files:
users.xml
<!ELEMENT user (field *)>
<!ATTLIST user
id ID #REQUIRED
group CDATA #IMPLIED >
groups.xml
<!ELEMENT group (field *, groupright *)>
<!ATTLIST group
id ID #REQUIRED
name CDATA #IMPLIED >
<!ELEMENT groupright EMPTY>
<!ATTLIST groupright
right CDATA #REQUIRED >
rights.xml
<!ELEMENT right (field *)>
<!ATTLIST right
id ID #REQUIRED >
-----------------------------------
<!ENTITY attruser
"id CDATA #REQUIRED
group CDATA #IMPLIED">
<!ENTITY attrusergroup
"user CDATA #REQUIRED
group CDATA #REQUIRED" >
<!ENTITY attrrightgroup
"right CDATA #REQUIRED
group CDATA #REQUIRED" >
<!ENTITY % types
"user|group|right">
Yauheni Mikulski.
Re: new taglibrary
Posted by YMikulski <YM...@infonet.by>.
I agree with Nick, but I think, the other library features must be.
I like to ask one question: What should I do next?
As I understood nobody has been against my taglibrary. Can I start
developing it?
I'm going to suggest some other new taglibraries. I like to do it at the
same time.
Yauheni Mikulski.
----- Original Message -----
From: "Nick Sharples" <ni...@eejits.net>
To: <ta...@jakarta.apache.org>
Sent: Sunday, July 01, 2001 4:30 PM
Subject: RE: new taglibrary
> A users/groups security
> framework would be better developed externally to a taglib project to
allow
> it to be used in any number of environments.
>
> A taglib for authenticating against JAAS would be a great idea however.
>
> Regards,
> Nick
>
Re: new taglibrary
Posted by Glenn Nielsen <gl...@voyager.apg.more.net>.
Nick Sharples wrote:
>
> > I suggest to develop the taglibrary based on JASS with users' group.
>
> My apologies if I've picked you up wrong, but having briefly reviewed the
> JAAS spec, it seems to me that that to implement all the suggested
> functionality as a taglib might not be that wise. A users/groups security
> framework would be better developed externally to a taglib project to allow
> it to be used in any number of environments.
>
> A taglib for authenticating against JAAS would be a great idea however.
>
Yes, that is what I meant. There was a session at JavaOne on just that.
A tag library which used JAAS. I have encouraged the session presenter
to contribute the taglib to jakarta-taglibs.
Regards,
Glenn
----------------------------------------------------------------------
Glenn Nielsen glenn@more.net | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
RE: new taglibrary
Posted by Nick Sharples <ni...@eejits.net>.
> I suggest to develop the taglibrary based on JASS with users' group.
My apologies if I've picked you up wrong, but having briefly reviewed the
JAAS spec, it seems to me that that to implement all the suggested
functionality as a taglib might not be that wise. A users/groups security
framework would be better developed externally to a taglib project to allow
it to be used in any number of environments.
A taglib for authenticating against JAAS would be a great idea however.
Regards,
Nick
Re: new taglibrary
Posted by YMikulski <YM...@infonet.by>.
Thanks Glenn. Yes, you are right. JAAS is that the doctor writes,
but there are no users' groups and it is very important. Imagine, whether
project users are 2000-3000. It's an ordinary situation for my projects.
Poor admins!!!
I suggest to develop the taglibrary based on JASS with users' group.
Yauheni Mikulski.
----- Original Message -----
From: "Glenn Nielsen" <gl...@voyager.apg.more.net>
To: <ta...@jakarta.apache.org>
Sent: Saturday, June 30, 2001 6:02 PM
Subject: Re: new taglibrary
> A tag library to provide access control based on the user/group is a good
idea.
> You might want to look into using the Java Authentication Authorization
Service
> JAAS.
>
> http://java.sun.com/products/jaas/
>
> Regards,
>
> Glenn
>
Re: new taglibrary
Posted by Glenn Nielsen <gl...@voyager.apg.more.net>.
A tag library to provide access control based on the user/group is a good idea.
You might want to look into using the Java Authentication Authorization Service
JAAS.
http://java.sun.com/products/jaas/
Regards,
Glenn
for_evg wrote:
>
> Hello!
>
> Working at the projects I often come across the problem of users'
> information access
> and users' possibility restriction conserning their rights. To solve the
> problem
> I suggest new securitymanager taglibrary. All users are divided into groups.
> The list of users' rights is defined for each group. The user's right
> describes permission or
> prohibition of user's possibilities defined by the problem context.
> The data are stored in XML-files or in any of known RDBMS such as Oracle,
> Informix and so on.
> The library can be "built-in" the existing system with helping its
> file-properties.
> Most of tags are used for managing administrative project part, but the main
> tag is security.
> The principle of its activity is:
> whether the tag body is ignored or not because of the user's group rights.
> In this way user's possibilities are defined in the project.
> This is the brief taglibrary description (most of tags are without any
> comments cause
> their meanings are clear to you from their profiles):
>
> <!ELEMENT security (#PCDATA)>
> <!ATTLIST security
> right CDATA #REQUIRED
> user CDATA #REQUIRED >
>
> <!ELEMENT newuser (field *)>
> <!ATTLIST newuser %attruser>
>
> <!ELEMENT edituser (field *)>
> <!ATTLIST edituser %attruser>
>
> <!ELEMENT deleteuser EMPTY>
> <!ATTLIST deleteuser
> id CDATA #REQUIRED>
>
> <!ELEMENT field>
> <!ATTLIST field
> name CDATA #REQUIRED
> value CDATA #IMPLIED>
>
> If users of the taglibrary like to extend data about project users, groups
> and right,
> they can do it with helping field tag.
>
> <!ELEMENT newgroup (field *)>
> <!ATTLIST newgroup
> id CDATA #REQUIRED>
>
> <!ELEMENT editgroup (field *)>
> <!ATTLIST editgroup
> id CDATA #REQUIRED>
>
> <!ELEMENT deletegroup EMPTY>
> <!ATTLIST deletegroup
> id CDATA #REQUIRED
> recursive (yes|no) no >
>
> <!ELEMENT addusertogroup EMPTY>
> <!ATTLIST addusertogroup %attrusergroup >
>
> <!ELEMENT deleteuserfromgroup EMPTY>
> <!ATTLIST deleteuserfromgroup %attrusergroup >
>
> <!ELEMENT changeusergroup EMPTY>
> <!ATTLIST changeusergroup %attrusergroup >
>
> <!ELEMENT newright (field *)>
> <!ATTLIST newright
> id CDATA #REQUIRED>
>
> <!ELEMENT editright (field *)>
> <!ATTLIST editright
> id CDATA #REQUIRED>
>
> <!ELEMENT deleteright EMPTY>
> <!ATTLIST deleteright
> id CDATA #REQUIRED>
>
> <!ELEMENT addrighttogroup EMPTY>
> <!ATTLIST addrighttogroup %attrrightgroup >
>
> <!ELEMENT deleterightfromgroup>
> <!ATTLIST deleterightfromgroup %attrrightgroup >
>
> <!ELEMENT get EMPTY>
> <!ATTLIST get
> type %types #REQUIRED
> field CDATA #REQUIRED >
>
> The tag is used for getting a list of users, groups, rights.
>
> <!ELEMENT list (getfield *, condition *, next *)>
> <!ATTLIST list
> type %types #REQUIRED
> sort CDATA #IMPLIED >
>
> The tag is used for moving to next record.
> <!ELEMENT next EMPTY>
>
> The tag is used for getting current record fields.
> <!ELEMENT getfield EMPTY>
> <!ATTLIST getfield
> name CDATA #REQUIRED
> format CDATA #IMPLIED >
>
> description of xml-files:
> users.xml
>
> <!ELEMENT user (field *)>
> <!ATTLIST user
> id ID #REQUIRED
> group CDATA #IMPLIED >
>
> groups.xml
>
> <!ELEMENT group (field *, groupright *)>
> <!ATTLIST group
> id ID #REQUIRED
> name CDATA #IMPLIED >
>
> <!ELEMENT groupright EMPTY>
> <!ATTLIST groupright
> right CDATA #REQUIRED >
>
> rights.xml
>
> <!ELEMENT right (field *)>
> <!ATTLIST right
> id ID #REQUIRED >
> -----------------------------------
>
> <!ENTITY attruser
> "id CDATA #REQUIRED
> group CDATA #IMPLIED">
>
> <!ENTITY attrusergroup
> "user CDATA #REQUIRED
> group CDATA #REQUIRED" >
>
> <!ENTITY attrrightgroup
> "right CDATA #REQUIRED
> group CDATA #REQUIRED" >
>
> <!ENTITY % types
> "user|group|right">
>
> Yauheni Mikulski.
--
----------------------------------------------------------------------
Glenn Nielsen glenn@more.net | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------