Some basic field-level security

Re: Some basic field-level security

David G Friedman
I've never made an Annotation before so I'll pose what may be very stupid
question:

Since the annotations are at run time, can't you create a new bind
annotation which, if present, jumps into the object and checks that
object's bind annotations?  Thus allowing scary (to a few of us) bindings
based on the model?  You know, like @Bind(class="com.you.webappgraph.Book")
or something?

Regards,
David, up _too_ late to probably make any sense.

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of
VANKEISBELCK Remi
Sent: Tuesday, October 24, 2006 3:23 AM
To: Stripes Users List
Subject: Re: [Stripes-users] Some basic field-level security


Hey Gary,

I understand your concern.

Have you had a look at Acegi ? As far as I understood your problem, that
could be the solution you need (without intrusion into your domain model)!
It's actually much simpler than the security manager stuff, and works
fine...

Cheers

Remi


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Stripes-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: Some basic field-level security

Gary Moselen
In reply to this post by Barry Davies
I don't really think of annotations as intrusions into my domain model,
they seem to separate the different aspects pretty cleanly. Acegi looks
like it will do the trick, it has some support for annotations as well,
thanks for pointing me in that direction.

Can I ask how your domain objects look if you were going to support
Hibernate, JAXB and Acegi? Would you have a philosophical objection to
putting the annotations on the actual domain objects, and would you have
wrappers or something? Or was your objection because I wanted to push
Stripes bindings down into the domain? And because Stripes is an MVC
framework it seems wrong?

Just curious ;)

Gary

VANKEISBELCK Remi wrote:

>Hey Gary,
>
>I understand your concern.
>
>Have you had a look at Acegi ? As far as I understood your problem,
>that could be the solution you need (without intrusion into your
>domain model) !
>It's actually much simpler than the security manager stuff, and works fine...
>
>Cheers
>
>Remi
>
>On 10/23/06, Gary Moselen <[hidden email]> wrote:
>  
>
>>No, I understand fine. I expose my domain objects as ActionBean
>>properties, so if I expose User in 5 different ActionBeans I dont want
>>to lock down the relationship to the Account object 5 times for each
>>ActionBean.
>>
>>Because I am exposing my domain objects, the security on the
>>relationships *is* part of the domain. I don't want anybody's code apart
>>from mine changing certain attributes on my domain objects. For example
>>I might serve and accept XML over HTTP, in this case  JAXB will do the
>>binding to the domain objects and I want to reuse the same @nnotations
>>in that case.
>>
>>But you might be right that I should keep this seperate from Stripes and
>>build my own set of @nnotations and look at using the standard
>>SecurityManager stuff.
>>
>>cheers,
>>Gary

Re: Some basic field-level security

Gary Moselen
In reply to this post by Barry Davies
>Since the annotations are at run time, can't you create a new bind
>annotation which, if present, jumps into the object and checks that
>object's bind annotations?  Thus allowing scary (to a few of us) bindings
>based on the model?  You know, like @Bind(class="com.you.webappgraph.Book")
>or something?

This is essentially what I wanted to do, which would have required
changes to the @BindAccess framework; except that you wouldn't need the
annotation to tell it to jump into the class, it could have done this
automatically.

But I think I'll be happy with using Acegi instead as it's more
appropriate for how I want to manage it.

Still think that the @BindAccess annotations will be useful for me
though, it makes explicit exactly what binding parameters are allowed;
it's like enforced documentation.

Gary

Re: Some basic field-level security

VANKEISBELCK Remi
In reply to this post by Gary Moselen
Hey Gary,

On 10/24/06, Gary Moselen <[hidden email]> wrote:
> I don't really think of annotations as intrusions into my domain model,
> they seem to separate the different aspects pretty cleanly.

You've told it :-)
ACLs should be handled as aspects : this is a transversal feature that
should not be "hardcoded" in your B.O.s... I mean, a Domain Object
should not have any knowledge of what web framework you're using, you
know...

> Acegi looks
> like it will do the trick, it has some support for annotations as well,
> thanks for pointing me in that direction.

Yep, even if you can also do it in a 100% decoupled way (via
interceptors). All those ACL-based security systems work like this :
they allow you to declare security policies outside your object.

> Can I ask how your domain objects look if you were going to support
> Hibernate, JAXB and Acegi?

They don't even know it ! I don't know for JAXB, but usually my Domain
Objects are plain POJOs, possibly interface-driven, but you can't find
weird annotations in there, saying that the object is persistent or
secure : this is done in the HBM mappings and in the Acegi config.
This way, the POJOs really encapsulate the behavior and state only :
all external stuff is done externally, depending on the context (maybe
this POJO won't need security or persistence in another life ?)...

> Would you have a philosophical objection to
> putting the annotations on the actual domain objects and would have
> wrappers or something?

Yep. It's not because it looks nice that it is : actually IMHO in lots
of situations annotations are not really well used. I mean, I don't
have problems annotating action beans in Stripes with Stripes
annotations.
But having them in my business tier just sucks : what if I propose a
WebService too ? Rich Clients ??? Framework change ???

I'm not an integrist, I've also already used hbm annots in some
contexts... sometimes you have to break the rules if they don't
apply... but still I don't really like it. I prefer to separate the
concerns, and have everyone manage its own stuff separately (HBM
mappings in XML files, ACLs through AOP, etc.).

> Or was your objection because I wanted to push
> Stripes bindings down into the domain? And because Stripes is an MVC
> framework it seems wrong?

Stripes has to include this binding control of course, but this has to
be non intrusive for the Domain Models. You should be able to secure
binding on existing POJOs without adding annotations or such stuff
IMHO.

Have fun,

Rémi

--
Rémi VANKEISBELCK
[hidden email]
http://www.rvkb.com
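The two positions in this thread (Gary's: let the binder look into the domain class for its own bind annotations, so the rule lives once with the object; Rémi's: declare the binding policy outside the POJO so the domain object knows nothing about the web tier) reduce to the same deny-by-default check in front of property binding. The following is an added example written for this page, not Stripes, Acegi or Hibernate code: the @Bindable annotation only stands in for the @BindAccess idea mentioned above, and the BindPolicy interface, the User class, the binder and the request parameters are all constructed for illustration.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class BindingPolicyDemo {

    // Hypothetical annotation, modelled on the @BindAccess idea from the thread:
    // a setter carrying it may receive a request parameter; all others may not.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface Bindable {}

    // Constructed domain object: 'name' is user-editable, 'admin' and
    // 'accountId' must only ever be changed by application code.
    public static class User {
        private String name;
        private boolean admin;
        private String accountId;

        @Bindable
        public void setName(String name) { this.name = name; }
        public String getName() { return name; }
        public void setAdmin(boolean admin) { this.admin = admin; }
        public boolean isAdmin() { return admin; }
        public void setAccountId(String accountId) { this.accountId = accountId; }
        public String getAccountId() { return accountId; }
    }

    // A policy answers one question: may request data reach this property?
    public interface BindPolicy {
        boolean allows(Class<?> type, String property);
    }

    // Annotation-driven policy (the "jump into the object" approach): the binder
    // inspects the target class itself, so the rule is declared once, next to the field.
    public static class AnnotationPolicy implements BindPolicy {
        public boolean allows(Class<?> type, String property) {
            Method setter = findSetter(type, property);
            return setter != null && setter.isAnnotationPresent(Bindable.class);
        }
    }

    // Externally declared policy (the "plain POJO" approach): the domain class is
    // untouched and the allow list lives in configuration, as an ACL or AOP setup would.
    public static class AllowListPolicy implements BindPolicy {
        private final Map<Class<?>, Set<String>> allowed = new HashMap<>();
        public AllowListPolicy allow(Class<?> type, String... props) {
            allowed.computeIfAbsent(type, k -> new HashSet<>()).addAll(Arrays.asList(props));
            return this;
        }
        public boolean allows(Class<?> type, String property) {
            return allowed.getOrDefault(type, Collections.emptySet()).contains(property);
        }
    }

    // Locate the JavaBean setter for a property name, or null if there is none.
    static Method findSetter(Class<?> type, String property) {
        String name = "set" + Character.toUpperCase(property.charAt(0)) + property.substring(1);
        for (Method m : type.getMethods()) {
            if (m.getName().equals(name) && m.getParameterCount() == 1) return m;
        }
        return null;
    }

    // Bind request parameters onto the target. Every parameter the policy does not
    // permit is refused (not applied) and its name is returned so it can be logged.
    public static List<String> bind(Object target, Map<String, String> params, BindPolicy policy) {
        List<String> rejected = new ArrayList<>();
        for (Map.Entry<String, String> e : params.entrySet()) {
            String prop = e.getKey();
            Method setter = findSetter(target.getClass(), prop);
            if (setter == null || !policy.allows(target.getClass(), prop)) {
                rejected.add(prop);
                continue;
            }
            Class<?> t = setter.getParameterTypes()[0];
            Object value = t == boolean.class ? Boolean.valueOf(e.getValue()) : e.getValue();
            try {
                setter.invoke(target, value);
            } catch (ReflectiveOperationException ex) {
                rejected.add(prop);
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        // Constructed request: a legitimate name change plus two parameters that
        // would grant admin rights or move the user onto another account.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("name", "gary");
        params.put("admin", "true");
        params.put("accountId", "someone-else");

        User u1 = new User();
        System.out.println("annotation policy rejected: " + bind(u1, params, new AnnotationPolicy()));
        System.out.println("admin=" + u1.isAdmin() + " accountId=" + u1.getAccountId());

        BindPolicy external = new AllowListPolicy().allow(User.class, "name");
        User u2 = new User();
        System.out.println("allow-list policy rejected: " + bind(u2, params, external));
        System.out.println("admin=" + u2.isAdmin() + " accountId=" + u2.getAccountId());
    }
}
```

With either policy the run rejects admin and accountId and leaves those fields at their defaults; only name is set. The point that both sides of the thread agree on is that the binder refuses anything not explicitly listed rather than applying whatever the request names, and the list of rejected parameter names is exactly what you would want in a log to spot a client probing for unprotected properties.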


Re: Some basic field-level security

Gary Moselen
I have some sympathy for your thinking and have thought about this
before but I look at it in a different way now.

With aspects like Hibernate, JAXB they are all very interested in the
structure and relationships between your domain models, using mapping
files instead of annotations means you have to duplicate the structure
and relationships between your model objects in the mapping files or in
the XMLSchema. Changes to your model are very common and with
annotations these changes are more easily handled since the model
objects are the one place where the object relationships are defined.

The logic inside the methods is not tied at all to what annotations are
present, so in practice if I want to stop using Hibernate then deleting
all the Hibernate annotations is a very safe operation, nothing breaks,
as is adding a new set for some other aspect that the domain objects
participate in, it doesn't affect the domain logic or other aspects.

It does create unnecessary build dependencies but in practice this
coupling causes no real trouble and I much prefer the annotations to
managing the mapping files.

Maybe this could be helped if there was some standard set of annotations
for describing the class relationships, like @OneToMany is useful
metadata for a lot of different aspects besides just Hibernate.

Gary
