You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Gerhard Froehlich <g-...@gmx.de> on 2002/02/23 13:18:59 UTC
RE: [simplestore] alt. not JDBC Storage and AccessControl [was: AccessControl]
Juozas,
>As I understand you are working on security.
;) I try. Some questions:
Acl => List which holds to each Principal a Set of AclEntry's
AclEntry => entry in an Access Control List
Permission => used to grant a particular type of access
to a resource
Principal => used to represent any entity, such as an
individual, a corporation, and a login id.
For me the Acl is a simple Hashmap, which holds for each
Prinicpal a Set of AclEntry's. Key is the Principal and
value is a Set of AclEntry's.
There are two AclEntry with one READ and one WRITE Permission.
In our case each Acl contains ony one AclEntry for an Principal,
either READ or WRITE .
What do you think?
>I am going to write more tests, I know we will have some problems with
>transactions,
Wise guy....
>I will review OjectBridge today, I believe I will find good ideas for
>mapping.
>And we need to start implementation for some "Not JDBC Storage", we will
>made les bugs in design if we will have two Storage implementations.
>I thaught abaut BerkleyDB ( transactional BTree implementation ), but
>there are some good JAVA implementation on sourceforge.
Ok your choice! As you know I use Jisp in Cocoon, but there's a problem
with long String keys in the moment (Scott will fix this in his new
releas). But this point is very important and maybe there are some
better impl. around.
>I think we will see a lot of dissadvantages in design then we start to
>implement some BTreeStorage.
Ambitous ;), but kool. I think that's not that hard.
~Gerhard
---------------------------------------------
Very funny, Scotty. Now beam down my clothes.
---------------------------------------------
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [simplestore] alt. not JDBC Storage and AccessControl [was: AccessControl]
Posted by Juozas Baliuka <ba...@centras.lt>.
Hi,
I started to implement mappings and xml metadata, I will generate parsers at
this time,
we will use some better xml parsing tools later.
> >Hi,
> >Do you read JAAS documentation ?
>
> Just started ;-).
>
> >I recomend to do it, it well documented and has examples.
> >Don't understand me wrong, It is very good to implement Acl
> >and it is possible to reuse Acl implementation for JAAS
> >based security implementation.
>
> I will look at it. TIA for the tip.
> I have in the moment some private stress. I hope I'll back
> in the code soon...
>
> ~Gerhard
>
> -----------------------------------
> Boren's Law: When in doubt, mumble.
> -----------------------------------
>
> >> Juozas,
> >>
> >> >As I understand you are working on security.
> >>
> >> ;) I try. Some questions:
> >> Acl => List which holds to each Principal a Set of AclEntry's
> >> AclEntry => entry in an Access Control List
> >> Permission => used to grant a particular type of access
> >> to a resource
> >> Principal => used to represent any entity, such as an
> >> individual, a corporation, and a login id.
> >>
> >> For me the Acl is a simple Hashmap, which holds for each
> >> Prinicpal a Set of AclEntry's. Key is the Principal and
> >> value is a Set of AclEntry's.
> >> There are two AclEntry with one READ and one WRITE Permission.
> >>
> >> In our case each Acl contains ony one AclEntry for an Principal,
> >> either READ or WRITE .
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: [simplestore] alt. not JDBC Storage and AccessControl [was: AccessControl]
Posted by Gerhard Froehlich <g-...@gmx.de>.
>Hi,
>Do you read JAAS documentation ?
Just started ;-).
>I recomend to do it, it well documented and has examples.
>Don't understand me wrong, It is very good to implement Acl
>and it is possible to reuse Acl implementation for JAAS
>based security implementation.
I will look at it. TIA for the tip.
I have in the moment some private stress. I hope I'll back
in the code soon...
~Gerhard
-----------------------------------
Boren's Law: When in doubt, mumble.
-----------------------------------
>> Juozas,
>>
>> >As I understand you are working on security.
>>
>> ;) I try. Some questions:
>> Acl => List which holds to each Principal a Set of AclEntry's
>> AclEntry => entry in an Access Control List
>> Permission => used to grant a particular type of access
>> to a resource
>> Principal => used to represent any entity, such as an
>> individual, a corporation, and a login id.
>>
>> For me the Acl is a simple Hashmap, which holds for each
>> Prinicpal a Set of AclEntry's. Key is the Principal and
>> value is a Set of AclEntry's.
>> There are two AclEntry with one READ and one WRITE Permission.
>>
>> In our case each Acl contains ony one AclEntry for an Principal,
>> either READ or WRITE .
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [simplestore] alt. not JDBC Storage and AccessControl [was: AccessControl]
Posted by Juozas Baliuka <ba...@centras.lt>.
Hi,
Do you read JAAS documentation ?
I recomend to do it, it well documented and has examples.
Don't understand me wrong, It is very good to implement Acl
and it is possible to reuse Acl implementation for JAAS
based security implementation.
> Juozas,
>
> >As I understand you are working on security.
>
> ;) I try. Some questions:
> Acl => List which holds to each Principal a Set of AclEntry's
> AclEntry => entry in an Access Control List
> Permission => used to grant a particular type of access
> to a resource
> Principal => used to represent any entity, such as an
> individual, a corporation, and a login id.
>
> For me the Acl is a simple Hashmap, which holds for each
> Prinicpal a Set of AclEntry's. Key is the Principal and
> value is a Set of AclEntry's.
> There are two AclEntry with one READ and one WRITE Permission.
>
> In our case each Acl contains ony one AclEntry for an Principal,
> either READ or WRITE .
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [simplestore] alt. not JDBC Storage and AccessControl [was: AccessControl]
Posted by Juozas Baliuka <ba...@centras.lt>.
----- Original Message -----
From: Gerhard Froehlich <g-...@gmx.de>
To: Jakarta Commons Developers List <co...@jakarta.apache.org>
Sent: Saturday, February 23, 2002 1:18 PM
Subject: RE: [simplestore] alt. not JDBC Storage and AccessControl [was:
AccessControl]
> Juozas,
>
> >As I understand you are working on security.
>
> ;) I try. Some questions:
> Acl => List which holds to each Principal a Set of AclEntry's
> AclEntry => entry in an Access Control List
> Permission => used to grant a particular type of access
> to a resource
> Principal => used to represent any entity, such as an
> individual, a corporation, and a login id.
>
> For me the Acl is a simple Hashmap, which holds for each
> Prinicpal a Set of AclEntry's. Key is the Principal and
> value is a Set of AclEntry's.
> There are two AclEntry with one READ and one WRITE Permission.
>
> In our case each Acl contains ony one AclEntry for an Principal,
> either READ or WRITE .
>
> What do you think?
Yes, it must be trivial to implement. A single problem is login , I don't
see any
authentication in Acl we must usesomething this kind :
AuthenticationManager.login("user","password");
object.setSomething(something);//throws security exception if "user" has no
permission on method
// or some pluged AuthorizationManager
decides to throw this;
login implementation :
login(String user, String password){
// weak keys, not values !!!
weakMap.put(Thread.currentThread(), new PrincipalImpl(user));
}
Principal currentPrincipal(){
return (Principal)weakMap.get(Thread.currentThread());
}
// code in proxy :
invoke(......){
Principal p = AuthenticationManager.currentPrincipal(); // null if not
authenticated
check(p, .....);
<scip>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>