[Trinidad] Authorisation & Authentication? (JAAS?)

[Darren McEntee <da...@amt-sybex.com>]

Hi all, 

 

Can anyone please point me in the right direction as regards methods to
execute authorisation & authentication to a Trinidad webapp. Something
along the lines of Java Authentication and Authorization Service (JAAS
<http://java.sun.com/products/jaas/> ).

We want to implement an authorisation 'front door' as an underlining
layer.

 

Has Trinidad its own implementation? I can't seem to find any
information in this regards.

Any info' would be appreciated!

 

Best regards,

Darren.
 
P Please consider the environment before printing this email
_________________________________________________________ 
 
1. The information contained in this E-mail, including any files transmitted with it, is confidential and may be legally privileged. This E-mail is intended only for the personal attention of the stated addressee(s). Any access to this E-mail, including any files transmitted with it, by any other person is unauthorised. If you are not an addressee, you must not disclose, copy, circulate or in any other way use or rely on the information contained in this E-mail or any files transmitted with it. Such unauthorised use may be unlawful. If you have received this E-mail in error, please inform the sender immediately and delete it and all copies from your system. You may not forward this E-mail without the permission of the sender.
 
2. The views expressed in this E-mail are those of the author, and do not necessarily represent the views of AMT-SYBEX. Internet communications are not secure and AMT-SYBEX cannot, therefore, accept legal responsibility for the contents of this message nor for any damage caused by viruses.
 
AMT-SYBEX Limited is a UK company, registration number GB03036807 at address The Spirella Building, Bridge Road, Letchworth, SG6 4ET. 
AMT-SYBEX (NI) Limited is a UK company, registration number NI024104 at address Edgewater Office Park, Edgewater Rd, Belfast, BT3 9JQ.
For more information on the AMT-SYBEX Group visit http://www.amt-sybex.com
_________________________________________________________

Re: [Trinidad] Submit PPR On Enter

[Danny Robinson <da...@gmail.com>]

Until then, you could call your own function in onkeyup that checked for
Enter key being hit, and caused a hidden commandButton (one per inputText
that needed this feature) to be pressed which would perform the PPR.  You'd
likely not be able to easily use defaultCommand with this solution though.

On 7/12/07, Matthias Wessendorf <ma...@apache.org> wrote:
>
> currently the PPR function is *rendered* out to onchange, to cause the
> PPR, when you tab out.
>
> We could add this for onkeyup event, when no defaultCommand is set on
> form and check inside if ENTER was the pressed key. Sounds like an
> enhancement request ?
>
> -Matthuas
>
> On 7/12/07, William Hoover <wh...@nemours.org> wrote:
> > Thanks for the reply!
> >
> > I have considered using defaultCommand on the form, but I have a form
> that has multiple <tr:inputText /> each having it's own call to a backing
> bean method. They are all in the same form because they share other common
> fields within it.
> >
> > Any other suggestions?
> >
> > -----Original Message-----
> > From: mwessendorf@gmail.com [mailto:mwessendorf@gmail.com]On Behalf Of
> > Matthias Wessendorf
> > Sent: Thursday, July 12, 2007 8:54 AM
> > To: MyFaces Discussion
> > Subject: Re: [Trinidad] <tr:inputText /> Submit PPR On Enter
> >
> >
> > Have you tried <tr:form defaultCommand="..." >...
> >
> > http://myfaces.apache.org/trinidad/trinidad-api/tagdoc/tr_form.html
> >
> > Setz the button/link to be a ppr command.
> >
> > On 7/12/07, William Hoover <wh...@nemours.org> wrote:
> > > Is there a way invoke a PPR call for a <tr:inputText /> when the enter
> key is pressed?
> > >
> > > For Example (I know "submitOnEnter" is not a valid attribute- just
> illustration):
> > >
> > > <tr:inputText id="submitsOnEnter" submitOnEnter="#{
> myBean.processOnEnterCall}" />
> > >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > further stuff:
> > blog: http://matthiaswessendorf.wordpress.com/
> > mail: matzew-at-apache-dot-org
> >
> >
>
>
> --
> Matthias Wessendorf
>
> further stuff:
> blog: http://matthiaswessendorf.wordpress.com/
> mail: matzew-at-apache-dot-org
>



-- 
Chordiant Software Inc.
www.chordiant.com

Re: [Trinidad] Submit PPR On Enter

[Matthias Wessendorf <ma...@apache.org>]

currently the PPR function is *rendered* out to onchange, to cause the
PPR, when you tab out.

We could add this for onkeyup event, when no defaultCommand is set on
form and check inside if ENTER was the pressed key. Sounds like an
enhancement request ?

-Matthuas

On 7/12/07, William Hoover <wh...@nemours.org> wrote:
> Thanks for the reply!
>
> I have considered using defaultCommand on the form, but I have a form that has multiple <tr:inputText /> each having it's own call to a backing bean method. They are all in the same form because they share other common fields within it.
>
> Any other suggestions?
>
> -----Original Message-----
> From: mwessendorf@gmail.com [mailto:mwessendorf@gmail.com]On Behalf Of
> Matthias Wessendorf
> Sent: Thursday, July 12, 2007 8:54 AM
> To: MyFaces Discussion
> Subject: Re: [Trinidad] <tr:inputText /> Submit PPR On Enter
>
>
> Have you tried <tr:form defaultCommand="..." >...
>
> http://myfaces.apache.org/trinidad/trinidad-api/tagdoc/tr_form.html
>
> Setz the button/link to be a ppr command.
>
> On 7/12/07, William Hoover <wh...@nemours.org> wrote:
> > Is there a way invoke a PPR call for a <tr:inputText /> when the enter key is pressed?
> >
> > For Example (I know "submitOnEnter" is not a valid attribute- just illustration):
> >
> > <tr:inputText id="submitsOnEnter" submitOnEnter="#{myBean.processOnEnterCall}" />
> >
>
>
> --
> Matthias Wessendorf
>
> further stuff:
> blog: http://matthiaswessendorf.wordpress.com/
> mail: matzew-at-apache-dot-org
>
>


-- 
Matthias Wessendorf

further stuff:
blog: http://matthiaswessendorf.wordpress.com/
mail: matzew-at-apache-dot-org

RE: [Trinidad] Submit PPR On Enter

[William Hoover <wh...@nemours.org>]

Thanks for the reply!

I have considered using defaultCommand on the form, but I have a form that has multiple <tr:inputText /> each having it's own call to a backing bean method. They are all in the same form because they share other common fields within it.

Any other suggestions?

-----Original Message-----
From: mwessendorf@gmail.com [mailto:mwessendorf@gmail.com]On Behalf Of
Matthias Wessendorf
Sent: Thursday, July 12, 2007 8:54 AM
To: MyFaces Discussion
Subject: Re: [Trinidad] <tr:inputText /> Submit PPR On Enter


Have you tried <tr:form defaultCommand="..." >...

http://myfaces.apache.org/trinidad/trinidad-api/tagdoc/tr_form.html

Setz the button/link to be a ppr command.

On 7/12/07, William Hoover <wh...@nemours.org> wrote:
> Is there a way invoke a PPR call for a <tr:inputText /> when the enter key is pressed?
>
> For Example (I know "submitOnEnter" is not a valid attribute- just illustration):
>
> <tr:inputText id="submitsOnEnter" submitOnEnter="#{myBean.processOnEnterCall}" />
>


-- 
Matthias Wessendorf

further stuff:
blog: http://matthiaswessendorf.wordpress.com/
mail: matzew-at-apache-dot-org

Re: [Trinidad] Submit PPR On Enter

[Matthias Wessendorf <ma...@apache.org>]

Have you tried <tr:form defaultCommand="..." >...

http://myfaces.apache.org/trinidad/trinidad-api/tagdoc/tr_form.html

Setz the button/link to be a ppr command.

On 7/12/07, William Hoover <wh...@nemours.org> wrote:
> Is there a way invoke a PPR call for a <tr:inputText /> when the enter key is pressed?
>
> For Example (I know "submitOnEnter" is not a valid attribute- just illustration):
>
> <tr:inputText id="submitsOnEnter" submitOnEnter="#{myBean.processOnEnterCall}" />
>


-- 
Matthias Wessendorf

further stuff:
blog: http://matthiaswessendorf.wordpress.com/
mail: matzew-at-apache-dot-org

[Trinidad] Submit PPR On Enter

[William Hoover <wh...@nemours.org>]

Is there a way invoke a PPR call for a <tr:inputText /> when the enter key is pressed?

For Example (I know "submitOnEnter" is not a valid attribute- just illustration):

<tr:inputText id="submitsOnEnter" submitOnEnter="#{myBean.processOnEnterCall}" />

Re: [Trinidad] Authorisation & Authentication? (JAAS?)

[Cagatay Civici <ca...@gmail.com>]

Yes, Acegi will be the right solution with Spring. I've used it in an
JSF-Spring application and it's very powerful, not so hard to integrate btw.

On the other hand, for securing ui components you may take a look at myfaces
securitycontext features.

http://wiki.apache.org/myfaces/SecurityContext

Cagatay

On 7/11/07, Adam Winer <aw...@gmail.com> wrote:
>
> If you're already in the Spring game, Acegi seems a reasonable
> incremental solution.
>
> -- Adam
>
>
> On 7/10/07, Shane Petroff <sh...@mayet.ca> wrote:
> >
> >  Frank Nimphius wrote:
> >
> >  Usually authorization is enforced on the business service layer and
> > surfaces in the UI. If e.g. a user has a permission, JAAS or container
> > managed, to update an attribute then this could/should be exposed in the
> UI
> > through expression language, referencing a method on the model that
> performs
> > the check permission call.
> >
> >  What are the current best practices regarding security and JSF? Am I
> better
> > off integrating with something like Acegi (since I already use Spring)?
> > Googling the 2 suggests that Acegi integration can be painful, but now
> that
> > was then... A JAAS based approach seems like it gives one lots of
> > flexibility, but requires more work on the developers part. What are
> other
> > people using to provide method level authorization checks?
> >
> >  Shane
> >
> >
> >  Beside of this, security needs to be on page navigation, which is
> something
> > you need to implement in the JSF engine (MyFaces or JSF RI). Have a look
> at
> >
> >  http://www.orablogs.com/fnimphius/archives/001790.html
> >  http://www.orablogs.com/fnimphius/archives/001836.html
> >
> >  where I created a sample for container managed and JAAS authorization.
> >
> >  However, from this little development experience I can say that
> security in
> > JSF is nothing you implement within an afternoon but requires a well
> thought
> > through security framework that integrates not only with the UI but also
> the
> > model fro a consistent security enforcement. The easiest way to get
> started
> > with such an effort is to look at the security design patterns that
> exist
> > and work your way back to JSF-
> >
> >  Frank
> >
> >
> >
> >
> > > Hi all,
> > >
> > >
> > >
> > > Can anyone please point me in the right direction as regards methods
> > > to execute authorisation & authentication to a Trinidad webapp.
> > > Something along the lines of Java Authentication and Authorization
> > > Service (JAAS).
> > >
> > > We want to implement an authorisation 'front door' as an underlining
> > layer.
> > >
> > >
> > >
> > > Has Trinidad its own implementation? I can't seem to find any
> > > information in this regards.
> > >
> > > Any info' would be appreciated!
> > >
> > >
> > >
> > > Best regards,
> > >
> > > Darren.
> > >
> > >
> > >
> > > P Please consider the environment before printing this email
> > > _________________________________________________________
> > >
> > > 1. The information contained in this E-mail, including any files
> > > transmitted with it, is confidential and may be legally privileged.
> > > This E-mail is intended only for the personal attention of the stated
> > > addressee(s). Any access to this E-mail, including any files
> > > transmitted with it, by any other person is unauthorised. If you are
> > > not an addressee, you must not disclose, copy, circulate or in any
> > > other way use or rely on the information contained in this E-mail or
> > > any files transmitted with it. Such unauthorised use may be unlawful.
> > > If you have received this E-mail in error, please inform the sender
> > > immediately and delete it and all copies from your system. You may not
> > > forward this E-mail without the permission of the sender.
> > >
> > > 2. The views expressed in this E-mail are those of the author, and do
> > > not necessarily represent the views of AMT-SYBEX. Internet
> > > communications are not secure and AMT-SYBEX cannot, therefore, accept
> > > legal responsibility for the contents of this message nor for any
> > > damage caused by viruses.
> > >
> > > AMT-SYBEX Limited is a UK company, registration number GB03036807 at
> > > address The Spirella Building, Bridge Road, Letchworth, SG6 4ET.
> > > AMT-SYBEX (NI) Limited is a UK company, registration number NI024104
> > > at address Edgewater Office Park, Edgewater Rd, Belfast, BT3 9JQ.
> > > For more information on the AMT-SYBEX Group visit
> http://www.amt-sybex.com
> > > _________________________________________________________
> > >
> >
> >
> >
> >  --
> >  Frank Nimphius
> >
> >
> >
> >  --
> > Shane
> >
>

Re: [Trinidad] Authorisation & Authentication? (JAAS?)

[Adam Winer <aw...@gmail.com>]

If you're already in the Spring game, Acegi seems a reasonable
incremental solution.

-- Adam


On 7/10/07, Shane Petroff <sh...@mayet.ca> wrote:
>
>  Frank Nimphius wrote:
>
>  Usually authorization is enforced on the business service layer and
> surfaces in the UI. If e.g. a user has a permission, JAAS or container
> managed, to update an attribute then this could/should be exposed in the UI
> through expression language, referencing a method on the model that performs
> the check permission call.
>
>  What are the current best practices regarding security and JSF? Am I better
> off integrating with something like Acegi (since I already use Spring)?
> Googling the 2 suggests that Acegi integration can be painful, but now that
> was then... A JAAS based approach seems like it gives one lots of
> flexibility, but requires more work on the developers part. What are other
> people using to provide method level authorization checks?
>
>  Shane
>
>
>  Beside of this, security needs to be on page navigation, which is something
> you need to implement in the JSF engine (MyFaces or JSF RI). Have a look at
>
>  http://www.orablogs.com/fnimphius/archives/001790.html
>  http://www.orablogs.com/fnimphius/archives/001836.html
>
>  where I created a sample for container managed and JAAS authorization.
>
>  However, from this little development experience I can say that security in
> JSF is nothing you implement within an afternoon but requires a well thought
> through security framework that integrates not only with the UI but also the
> model fro a consistent security enforcement. The easiest way to get started
> with such an effort is to look at the security design patterns that exist
> and work your way back to JSF-
>
>  Frank
>
>
>
>
> > Hi all,
> >
> >
> >
> > Can anyone please point me in the right direction as regards methods
> > to execute authorisation & authentication to a Trinidad webapp.
> > Something along the lines of Java Authentication and Authorization
> > Service (JAAS).
> >
> > We want to implement an authorisation 'front door' as an underlining
> layer.
> >
> >
> >
> > Has Trinidad its own implementation? I can't seem to find any
> > information in this regards.
> >
> > Any info' would be appreciated!
> >
> >
> >
> > Best regards,
> >
> > Darren.
> >
> >
> >
> > P Please consider the environment before printing this email
> > _________________________________________________________
> >
> > 1. The information contained in this E-mail, including any files
> > transmitted with it, is confidential and may be legally privileged.
> > This E-mail is intended only for the personal attention of the stated
> > addressee(s). Any access to this E-mail, including any files
> > transmitted with it, by any other person is unauthorised. If you are
> > not an addressee, you must not disclose, copy, circulate or in any
> > other way use or rely on the information contained in this E-mail or
> > any files transmitted with it. Such unauthorised use may be unlawful.
> > If you have received this E-mail in error, please inform the sender
> > immediately and delete it and all copies from your system. You may not
> > forward this E-mail without the permission of the sender.
> >
> > 2. The views expressed in this E-mail are those of the author, and do
> > not necessarily represent the views of AMT-SYBEX. Internet
> > communications are not secure and AMT-SYBEX cannot, therefore, accept
> > legal responsibility for the contents of this message nor for any
> > damage caused by viruses.
> >
> > AMT-SYBEX Limited is a UK company, registration number GB03036807 at
> > address The Spirella Building, Bridge Road, Letchworth, SG6 4ET.
> > AMT-SYBEX (NI) Limited is a UK company, registration number NI024104
> > at address Edgewater Office Park, Edgewater Rd, Belfast, BT3 9JQ.
> > For more information on the AMT-SYBEX Group visit http://www.amt-sybex.com
> > _________________________________________________________
> >
>
>
>
>  --
>  Frank Nimphius
>
>
>
>  --
> Shane
>

Re: [Trinidad] Authorisation & Authentication? (JAAS?)

[Shane Petroff <sh...@mayet.ca>]

Frank Nimphius wrote:
>
> Usually authorization is enforced on the business service layer and 
> surfaces in the UI. If e.g. a user has a permission, JAAS or container 
> managed, to update an attribute then this could/should be exposed in 
> the UI through expression language, referencing a method on the model 
> that performs the check permission call.

What are the current best practices regarding security and JSF? Am I 
better off integrating with something like Acegi (since I already use 
Spring)? Googling the 2 suggests that Acegi integration can be painful, 
but now that was then... A JAAS based approach seems like it gives one 
lots of flexibility, but requires more work on the developers part. What 
are other people using to provide method level authorization checks?

Shane
>
> Beside of this, security needs to be on page navigation, which is 
> something you need to implement in the JSF engine (MyFaces or JSF RI). 
> Have a look at
>
> http://www.orablogs.com/fnimphius/archives/001790.html
> http://www.orablogs.com/fnimphius/archives/001836.html
>
> where I created a sample for container managed and JAAS authorization.
>
> However, from this little development experience I can say that 
> security in JSF is nothing you implement within an afternoon but 
> requires a well thought through security framework that integrates not 
> only with the UI but also the model fro a consistent security 
> enforcement. The easiest way to get started with such an effort is to 
> look at the security design patterns that exist and work your way back 
> to JSF-
>
> Frank
>
>
>     Hi all,
>
>
>
>     Can anyone please point me in the right direction as regards methods
>     to execute authorisation & authentication to a Trinidad webapp.
>     Something along the lines of Java Authentication and Authorization
>     Service (JAAS).
>
>     We want to implement an authorisation 'front door' as an
>     underlining layer.
>
>
>
>     Has Trinidad its own implementation? I can't seem to find any
>     information in this regards.
>
>     Any info' would be appreciated!
>
>
>
>     Best regards,
>
>     Darren.
>
>
>
>     P Please consider the environment before printing this email
>     _________________________________________________________
>
>     1. The information contained in this E-mail, including any files
>     transmitted with it, is confidential and may be legally privileged.
>     This E-mail is intended only for the personal attention of the stated
>     addressee(s). Any access to this E-mail, including any files
>     transmitted with it, by any other person is unauthorised. If you are
>     not an addressee, you must not disclose, copy, circulate or in any
>     other way use or rely on the information contained in this E-mail or
>     any files transmitted with it. Such unauthorised use may be unlawful.
>     If you have received this E-mail in error, please inform the sender
>     immediately and delete it and all copies from your system. You may not
>     forward this E-mail without the permission of the sender.
>
>     2. The views expressed in this E-mail are those of the author, and do
>     not necessarily represent the views of AMT-SYBEX. Internet
>     communications are not secure and AMT-SYBEX cannot, therefore, accept
>     legal responsibility for the contents of this message nor for any
>     damage caused by viruses.
>
>     AMT-SYBEX Limited is a UK company, registration number GB03036807 at
>     address The Spirella Building, Bridge Road, Letchworth, SG6 4ET.
>     AMT-SYBEX (NI) Limited is a UK company, registration number NI024104
>     at address Edgewater Office Park, Edgewater Rd, Belfast, BT3 9JQ.
>     For more information on the AMT-SYBEX Group visit
>     http://www.amt-sybex.com
>     _________________________________________________________
>
>
>
>
> -- 
> Frank Nimphius
>


-- 
Shane

Re: [Trinidad] Authorisation & Authentication? (JAAS?)

[Frank Nimphius <fr...@googlemail.com>]

Darren,

Trinidad is a component set and does not have a security infrastructure. You
can use the render property or the readOnly property to perform
authorization, but this needs to be backed up somewhere. Usually
authorization is enforced on the business service layer and surfaces in the
UI. If e.g. a user has a permission, JAAS or container managed, to update an
attribute then this could/should be exposed in the UI through expression
language, referencing a method on the model that performs the check
permission call.

Beside of this, security needs to be on page navigation, which is something
you need to implement in the JSF engine (MyFaces or JSF RI). Have a look at

http://www.orablogs.com/fnimphius/archives/001790.html
http://www.orablogs.com/fnimphius/archives/001836.html

where I created a sample for container managed and JAAS authorization.

However, from this little development experience I can say that security in
JSF is nothing you implement within an afternoon but requires a well thought
through security framework that integrates not only with the UI but also the
model fro a consistent security enforcement. The easiest way to get started
with such an effort is to look at the security design patterns that exist
and work your way back to JSF-

Frank


Hi all,
>
>
>
> Can anyone please point me in the right direction as regards methods
> to execute authorisation & authentication to a Trinidad webapp.
> Something along the lines of Java Authentication and Authorization
> Service (JAAS).
>
> We want to implement an authorisation 'front door' as an underlining
> layer.
>
>
>
> Has Trinidad its own implementation? I can't seem to find any
> information in this regards.
>
> Any info' would be appreciated!
>
>
>
> Best regards,
>
> Darren.
>
>
>
> P Please consider the environment before printing this email
> _________________________________________________________
>
> 1. The information contained in this E-mail, including any files
> transmitted with it, is confidential and may be legally privileged.
> This E-mail is intended only for the personal attention of the stated
> addressee(s). Any access to this E-mail, including any files
> transmitted with it, by any other person is unauthorised. If you are
> not an addressee, you must not disclose, copy, circulate or in any
> other way use or rely on the information contained in this E-mail or
> any files transmitted with it. Such unauthorised use may be unlawful.
> If you have received this E-mail in error, please inform the sender
> immediately and delete it and all copies from your system. You may not
> forward this E-mail without the permission of the sender.
>
> 2. The views expressed in this E-mail are those of the author, and do
> not necessarily represent the views of AMT-SYBEX. Internet
> communications are not secure and AMT-SYBEX cannot, therefore, accept
> legal responsibility for the contents of this message nor for any
> damage caused by viruses.
>
> AMT-SYBEX Limited is a UK company, registration number GB03036807 at
> address The Spirella Building, Bridge Road, Letchworth, SG6 4ET.
> AMT-SYBEX (NI) Limited is a UK company, registration number NI024104
> at address Edgewater Office Park, Edgewater Rd, Belfast, BT3 9JQ.
> For more information on the AMT-SYBEX Group visit http://www.amt-sybex.com
> _________________________________________________________
>



-- 
Frank Nimphius