Re: implementation of permission subsystem

Fri, 04 Jun 2004 17:54:43 -0700 

One more thing, the system stores all user & group information in database
So storing role information in a tomcat/struts configuration isn't really
possible.

On Sat, Jun 05, 2004 at 08:59:41AM +0800, Ding Lei wrote:
> Hello folks,
>       I am working on a DVB(Digital video broadcasting) content management
> webapp, which is based on the struts framework.       It mainly includes application,
> service,network, user,broadcasting management & etc. The system is originally
> designed almost without considering security issues, i.e almost all operations
> are done without permission check.
>    Later on, I spent quite a few days attempting to implement a General permission
> control arch. with Dynamic Proxy, which checks a method's permission at runtime by 
> it's name.
> But soonly found out that this sytem's methods' naming are really a mess. For ex,
> some methods are called "del" which actually does the "remove" operation, & vice 
> versa.
> Even worse, same type of methods takes very different type of arguments ---- 
> a DVBUserManager.removeUser takes a DVBUser object as argument, and a 
> DVBNetworkManager takes
> a DVBNetwork object as argument. 
>   So .. I found then I was endlessly adding bunches of "if" to handle different 
> specific
> methods in the Dynamic Proxy class.
>   My question is, is there any good permission control framework provided 
> directly/indirectly
> for Struts/Tomcat based applications  ? 
>   If not, would you please suggest some others?
> 
>   Thank you.
> 
> 
> -- 
> Yours,
> 
>    <<<:::::   D i n g    L e i   ::::::>>
>  ||                                      ||
>  || Ext: 8106                            ||
>  || Email: <dinglei [A] ipanel [O] cn>   ||
>  || Dept. Of Technology/Engineering      ||
>  || Embedded Internet Solutions Inc.     ||
>  ||                                      ||
> <((((((    =====================     )))))>>>
>       
> The economy depends about as much on economists as the weather does on
> weather forecasters.
>               -- Jean-Paul Kauffmann
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

-- 
Yours,

   <<<:::::   D i n g    L e i   ::::::>>
 ||                                      ||
 || Ext: 8106                            ||
 || Email: <dinglei [A] ipanel [O] cn>   ||
 || Dept. Of Technology/Engineering      ||
 || Embedded Internet Solutions Inc.     ||
 ||                                      ||
<((((((    =====================     )))))>>>
        
"What is the robbing of a bank compared to the FOUNDING of a bank?"
                -- Bertold Brecht

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to