Well....When I did it I was using my own home-brewed hivemind hibernate service.
When a new Session was about to be bound to an incoming thread I would: -) Use the SessionStateManager service to get the incoming users Id information -) Call a stored procedure that set the global per-transaction bound userId attribute -) Give them the Session When the session thread was completed (the hivemind threadDidCleanup() service method), I would then set the global user value back to null. On 5/16/06, Denis McCarthy <[EMAIL PROTECTED]> wrote:
Good point Jesse - but wouldn't you then be required to have all your queries wrapped in procedures? I'm interested to know because I'd consider using oracle standard for a new project if we could do something FGAC-esque with Oracle standard (or even express). -----Original Message----- From: Jesse Kuhnert [mailto:[EMAIL PROTECTED] Sent: 16 May 2006 17:19 To: Tapestry users Subject: Re: Best pratice - CRUD Security - Tapestry 4.0 You don't need oracle fine grained access control to do the same thing. As long as your DB supports the notion of stored procs / global (transaction bound) variables you can do the same exact thing without it. On 5/16/06, Carl Pelletier <[EMAIL PROTECTED]> wrote: > > Unfortunetly, I'm using PostgreSQL. > > Thanks > > Denis McCarthy wrote: > > If you happen to be using oracle enterprise edition I'd highly recommend > > using Acegi in conjunction with Oracle Fine Grained Access Control > (FGAC) > > for database access checking. > > We've got a simple subclass of a datasource that overrides > getConnection() > > and sets the users Oracle context. This keeps the jdbc/hibernate code > very > > clean and ensures that the same security code is enforced even if > someone > > logs in via sql*plus, toad or any other tool. > > Nice. > > > > -----Original Message----- > > From: Andreas Bulling [mailto:[EMAIL PROTECTED] Behalf Of > > Andreas Bulling > > Sent: 16 May 2006 16:57 > > To: Tapestry users > > Subject: Re: Best pratice - CRUD Security - Tapestry 4.0 > > > > > > On 16. Mai 2006 - 10:45:45, Brian K. Wallace wrote: > > | This is where I stick with ACEGI being unobtrusive. Not discounting > any > > | other method of doing it at all, but I found that with ACEGI I add a > > | hook into "login/logout" pages and there's no other intrusion into my > > | Tapestry applications outside the configuration file (aka: no > > | "isUserInRole("...")" of any kind. > > > > But how is further access for example to the database checked? > > > > Andreas > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > ********************************************************************** > > This email and any files transmitted with it are confidential and/or > privileged and intended solely for the use of the individual or entity to > whom they are addressed. If you are not the intended recipient(s) please > note that any review, distribution, dissemination, disclosure, alteration, > printing, copying, transmission or use of this email and/or any file > transmitted or the information therein is prohibited and may be unlawful. If > you have received this email and any file transmitted with it in error > please notify us by email at [EMAIL PROTECTED] or by telephone at +353 > 66 97 61258 and then delete the email and all copies of it from your system > and destroy any hard copies of the email. > > Please note that any views, opinions or advice contained in this > communication are those of the sending individual and not necessarily those > of FEXCO. Email may be susceptible to data corruption, interception and > unauthorised amendment, and we do not accept liability for any such > corruption, interception or amendment or the consequences thereof. > > FEXCO and each legal entity in the FEXCO group of companies or business > units of FEXCO reserve the right to monitor all email communications through > its networks. This footnote also confirms that this email message has been > swept for viruses. > > www.FEXCO.com > > ********************************************************************** > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Jesse Kuhnert Tacos/Tapestry, team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind. ********************************************************************** This email and any files transmitted with it are confidential and/or privileged and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient(s) please note that any review, distribution, dissemination, disclosure, alteration, printing, copying, transmission or use of this email and/or any file transmitted or the information therein is prohibited and may be unlawful. If you have received this email and any file transmitted with it in error please notify us by email at [EMAIL PROTECTED] or by telephone at +353 66 97 61258 and then delete the email and all copies of it from your system and destroy any hard copies of the email. Please note that any views, opinions or advice contained in this communication are those of the sending individual and not necessarily those of FEXCO. Email may be susceptible to data corruption, interception and unauthorised amendment, and we do not accept liability for any such corruption, interception or amendment or the consequences thereof. FEXCO and each legal entity in the FEXCO group of companies or business units of FEXCO reserve the right to monitor all email communications through its networks. This footnote also confirms that this email message has been swept for viruses. www.FEXCO.com ********************************************************************** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Jesse Kuhnert Tacos/Tapestry, team member/developer Open source based consulting work centered around dojo/tapestry/tacos/hivemind.
