Andrus, Thank you. I'll take a look and see what I can come up with once I get started.
Is there a published timetable for 3.0? Carl On 1/31/07, Andrus Adamchik <[EMAIL PROTECTED]> wrote:
Hi Carl, To be honest a few ROP projects that I've done used all-or-nothing security (if you are authenticated, you can do anything). Still I've been also thinking about more fine-grained approach. My solution would be to set up a custom 'org.apache.cayenne.DataChannel' decorator, adding custom security checks to 'onQuery()' and 'onSync' methods. In the simplest case, you can have the following security levels: 1. Restricted: only NamedQuery requests are honored, 'onSync' is denied. 2. Read-only: onQuery() allows all but SQLTemplate queries, 'onSync' is denied. 3. Full 4. Custom - check custom rules. Also I haven't yet explored the use of the new 3.0 callbacks as a security mechanism, probably there are some opportunities there: http://cayenne.apache.org/preview/CAYDOC/lifecycle-callbacks.html Andrus On Jan 31, 2007, at 4:23 PM, Carl Mosca wrote: > I am wondering about security (user, query, role level). What > approaches > have been taken by those using ROP for a some time? > > TIA, > -- > Carl J. Mosca
-- Carl J. Mosca
