Posted to users@tapestry.apache.org by Chris Chiappone <ch...@gmail.com> on 2006/02/23 17:20:43 UTC
Security in Services best practices
Hi,
I was wondering what the best approach would be when trying to set
permissions for users of my application to access certain services.
I currently have an export to file service that I only want a certain
user role to be able to perform. Because the service is decoupled I
am not sure how I can obtain the role that the logged-in user has from
my ASO into the service. Any help would be appreciated.
--
~chris
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
RE: Security in Services best practices
Posted by Jean-Francois Poilpret <jf...@hcm.vnn.vn>.
Hi Chris,
The HiveMind Utilities project (http://hivetranse.sourceforg.net) also includes
the "hivelock" modules for security management, including an interceptor
that will throw an exception if the current user is not authorized to call
the required method.
Cheers
Jean-Francois
RE: Security in Services best practices
Posted by James Carman <ja...@carmanconsulting.com>.
If you use the approach from my previous reply, you can just use the
SecurityContext (a threaded service, so it gets reset each request cycle) to
look up the currently logged-in user in any other service. Or, you could
place an AuthorizationInterceptor (which uses the SecurityContext) on your
services which you want to "secure."
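The pattern discussed in this thread (a per-request security context plus an interceptor that rejects unauthorized calls), sketched in plain Java as an added example; it is not code from any poster and does not use the HiveMind or hivelock APIs. The names `SecurityContext`, `ExportService`, `secure` and the role `EXPORTER` are hypothetical, with a `ThreadLocal` standing in for a threaded service and a JDK dynamic proxy standing in for the interceptor.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class SecuredServiceDemo {
    // Hypothetical per-request holder for the caller's roles (stand-in for a threaded service).
    static final class SecurityContext {
        private static final ThreadLocal<Set<String>> ROLES =
                ThreadLocal.withInitial(Collections::emptySet);
        static void set(String... roles) { ROLES.set(new HashSet<>(Arrays.asList(roles))); }
        static void clear() { ROLES.remove(); }
        static boolean hasRole(String role) { return ROLES.get().contains(role); }
    }

    // Hypothetical service interface; the implementation knows nothing about security.
    interface ExportService { String exportToFile(String name); }

    // Wraps a service so every method call is checked against the required role first.
    @SuppressWarnings("unchecked")
    static <T> T secure(Class<T> iface, T target, String requiredRole) {
        InvocationHandler handler = (proxy, method, args) -> {
            if (!SecurityContext.hasRole(requiredRole)) {   // deny by default: no context, no access
                throw new SecurityException(method.getName() + " requires role " + requiredRole);
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause();                         // surface the service's own exception
            }
        };
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] { iface }, handler);
    }

    public static void main(String[] unused) {
        ExportService svc = secure(ExportService.class, name -> "wrote " + name, "EXPORTER");
        try {
            SecurityContext.set("USER");                    // constructed request: role missing
            try {
                svc.exportToFile("report.csv");
            } catch (SecurityException e) {
                System.out.println("denied: " + e.getMessage());
            }
            SecurityContext.set("USER", "EXPORTER");        // constructed request: role present
            System.out.println(svc.exportToFile("report.csv"));
        } finally {
            SecurityContext.clear();                        // pooled threads must not keep an identity
        }
    }
}
```

In a web application the `set` and `clear` calls belong at the start and end of each request cycle, so a worker thread never serves one user with the roles left over from another.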