You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@turbine.apache.org by Peter Donald <do...@apache.org> on 2001/10/15 08:28:14 UTC

[Torque] Secure/UnsecurePersistent?

Hi,

I was having a look at the source for torque and a few things struck me as 
odd. One in particular was the way that Secure/UnsecurePersistent was 
implemented. While security may be a good thing to in I was wondering why it 
was implemented using the method it has been.

For instance hasPermission() seems to not pass enough information to usefully 
extract security information. 

For instance if I was to implement it I would implement something like

interface PeerAspect (or PeerContext)
{
  void preSave( BaseObject object );
}

Then it would be upto the aspect/context to determine the action to take 
before saving the object. Aswell as security you may also want to do things 
like implement validation or any other sort of data massaging and this 
mechanism would provide for that.

If you wanted to go crazy you could even stack these aspects/context to have 
a chain of them (think Servlet filter API, Catalinas Valve API or Cocoons 
pipeline API). Though I am not sure how useful this would be ;)

If other "join points" came up in the future you could also add them to this 
interface (think postSave, preLoad, postLoad or whatever). These sorts of 
things are generally useful and have counterparts in J2EE world (ie Entity 
beans) but I guess I am kinda looking for a lighter weight API.

In reality this would push the security stuff outside of torques domain and 
into domain of application (where it should be IMO).

Anyways - would a patch for something like this be accepted?

-- 
Cheers,

Pete

----------------------------------------
Whatever you do will be insignificant, 
but it is very important that you do it. 
                              --Gandhi
----------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org

Re: [Torque] Secure/UnsecurePersistent?

Posted by John McNally <jm...@collab.net>.

The code in torque regarding SecurePersistent should be removed.  It was
an idea I had that did not completely solve the problem.  I was hoping
to find another chance to fix it up, before the standalone torque became
more widely used, but if not I will need to remove it (unless you fix
it.)

hasPermission does not need to pass any info.  You construct a
SecurityInfo passing any needed info in ctors/setters and then the
torque object calls the hasPermission method.

john mcnally

Peter Donald wrote:
> 
> Hi,
> 
> I was having a look at the source for torque and a few things struck me as
> odd. One in particular was the way that Secure/UnsecurePersistent was
> implemented. While security may be a good thing to in I was wondering why it
> was implemented using the method it has been.
> 
> For instance hasPermission() seems to not pass enough information to usefully
> extract security information.
> 
> For instance if I was to implement it I would implement something like
> 
> interface PeerAspect (or PeerContext)
> {
>   void preSave( BaseObject object );
> }
> 
> Then it would be upto the aspect/context to determine the action to take
> before saving the object. Aswell as security you may also want to do things
> like implement validation or any other sort of data massaging and this
> mechanism would provide for that.
> 
> If you wanted to go crazy you could even stack these aspects/context to have
> a chain of them (think Servlet filter API, Catalinas Valve API or Cocoons
> pipeline API). Though I am not sure how useful this would be ;)
> 
> If other "join points" came up in the future you could also add them to this
> interface (think postSave, preLoad, postLoad or whatever). These sorts of
> things are generally useful and have counterparts in J2EE world (ie Entity
> beans) but I guess I am kinda looking for a lighter weight API.
> 
> In reality this would push the security stuff outside of torques domain and
> into domain of application (where it should be IMO).
> 
> Anyways - would a patch for something like this be accepted?
> 
> --
> Cheers,
> 
> Pete
> 
> ----------------------------------------
> Whatever you do will be insignificant,
> but it is very important that you do it.
>                               --Gandhi
> ----------------------------------------
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-dev-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org

Re: [Torque] Secure/UnsecurePersistent?

Posted by Daniel Rall <dl...@finemaltcoding.com>.

Peter Donald <do...@apache.org> writes:

>> <joking>
>> Don't make me remove your m_'s though. :-)
>> </joking>
>
> aww. How about f/g prefixes ? ;)

die prefixes die  ;P

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org

Re: [Torque] Secure/UnsecurePersistent?

Posted by Peter Donald <do...@apache.org>.

On Mon, 15 Oct 2001 17:08, Jon Stevens wrote:
> on 10/14/01 11:28 PM, "Peter Donald" <do...@apache.org> wrote:
> > Anyways - would a patch for something like this be accepted?
>
> I think John was just experimenting with the idea...
>
> I think a patch for that would be accepted.

kool. Have to wait till next week as I didn't get a chance to hack at it 
today.

> <joking>
> Don't make me remove your m_'s though. :-)
> </joking>

aww. How about f/g prefixes ? ;)

-- 
Cheers,

Pete

Duct tape is like the force.  It has a light side, and a dark side, and
it binds the universe together ...
                -- Carl Zwanzig


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org

Re: [Torque] Secure/UnsecurePersistent?

Posted by Jon Stevens <jo...@latchkey.com>.

on 10/14/01 11:28 PM, "Peter Donald" <do...@apache.org> wrote:

> Anyways - would a patch for something like this be accepted?

I think John was just experimenting with the idea...

I think a patch for that would be accepted.

<joking>
Don't make me remove your m_'s though. :-)
</joking>

-jon


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org