Orbeon Forms community mailing list

Adding Authentication

classic Classic list List threaded Threaded
3 messages Options
Ryan Puddephatt
Reply | Threaded
Open this post in threaded view
|

Adding Authentication

Ryan Puddephatt

Hi all,

            I’ve got a problem that I can’t seem to find the best solution for. I have an application that requires 3 sets of people to view it, these are Users, Admins, and Developers. The application has about 15 different utilities, which some groups can view and some can’t

 

I currently have my urls set up to /peaUtilities/utilityURL, but I want them to use

 

/peaUtilities/dev/utilityURL

/peaUtilities/admin/utilityURL

/peaUtilities/user/utilityURL

 

Now I’m going to use apache/tomcat to restrict access based on the user details that they have to provide for the server, that’s not the problem. The problem is I have submission urls etc. that some people can view and some can’t. I thought about taking the page-flow and surrounding groups with <page-group access=”dev admin user”> then using XSLT to filter them as I need them. Any better ideas would be appreciated?

 

The other problem is the submissions, is there a way for it to carry the /dev part of the URL? Or how would I detect it?

 

Any ideas on this would be great, if anyone else has come up against this and has a solution that would be helpful!

 

Thanks in advance

 

Ryan Puddephatt

Software Engineer

TFX Group - IT UK

1 Michaelson Square

Livingston

West Lothian

Scotand

EH54 7DP

 

* [hidden email]

( 01506 407 110

7  01506 407 108

 

 



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Ross Horne
Reply | Threaded
Open this post in threaded view
|

Re: Adding Authentication

Ross Horne
Ryan,

I have tackled a similar problem by including a sub pipeline in the model pipeline of any binding that requires a security check (The inclusion itself may be automated or manual).

The sub pipeline takes in some information about the security restriction of the "page" (in my case a URI for an owl:Class), cross references it with the logged user, from the session and database possibly, before outputting a verdict.

This may take a little bit to implement given that it does not use in built security functionality but I find it works neatly. Are there any other custom security models out there?

Ross.


On 06/04/06, Ryan Puddephatt <[hidden email]> wrote:

Hi all,

            I've got a problem that I can't seem to find the best solution for. I have an application that requires 3 sets of people to view it, these are Users, Admins, and Developers. The application has about 15 different utilities, which some groups can view and some can't

 

I currently have my urls set up to /peaUtilities/utilityURL, but I want them to use

 

/peaUtilities/dev/utilityURL

/peaUtilities/admin/utilityURL

/peaUtilities/user/utilityURL

 

Now I'm going to use apache/tomcat to restrict access based on the user details that they have to provide for the server, that's not the problem. The problem is I have submission urls etc. that some people can view and some can't. I thought about taking the page-flow and surrounding groups with <page-group access="dev admin user"> then using XSLT to filter them as I need them. Any better ideas would be appreciated?

 

The other problem is the submissions, is there a way for it to carry the /dev part of the URL? Or how would I detect it?

 

Any ideas on this would be great, if anyone else has come up against this and has a solution that would be helpful!

 

Thanks in advance

 

Ryan Puddephatt

Software Engineer

TFX Group - IT UK

1 Michaelson Square

Livingston

West Lothian

Scotand

EH54 7DP

 

* [hidden email]

( 01506 407 110

7  01506 407 108

 

 



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto: [hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.objectweb.org/wws" target="_blank">http://www.objectweb.org/wws





--
telephones
07921 906 453 (mobile)
07879 052 143 (alternative mobile)
01573 225 400 (Kelso)

address
1 Tweedsyde Park
Kelso
Roxburghshire
TD5 7RF

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Ryan Puddephatt
Reply | Threaded
Open this post in threaded view
|

RE: Adding Authentication

Ryan Puddephatt

Thanks Ross, sounds like a good implementation.

 

At all our user info is stored in an LDAP database and our apache server does all the authentication decision making! So I just need to handle all the submission to keep them at /peaUtilities/user/blah rather than them changing to /peaUtilities/blah

 

Ryan Puddephatt

Software Engineer

TFX Group - IT UK

1 Michaelson Square

Livingston

West Lothian

Scotand

EH54 7DP

 

* [hidden email]

( 01506 407 110

7  01506 407 108

 

From: Ross Horne [mailto:[hidden email]]
Sent: 06 April 2006 16:28
To: [hidden email]
Subject: Re: [ops-users] Adding Authentication

 

Ryan,

I have tackled a similar problem by including a sub pipeline in the model pipeline of any binding that requires a security check (The inclusion itself may be automated or manual).

The sub pipeline takes in some information about the security restriction of the "page" (in my case a URI for an owl:Class), cross references it with the logged user, from the session and database possibly, before outputting a verdict.

This may take a little bit to implement given that it does not use in built security functionality but I find it works neatly. Are there any other custom security models out there?

Ross.


On 06/04/06, Ryan Puddephatt <[hidden email]> wrote:

Hi all,

            I've got a problem that I can't seem to find the best solution for. I have an application that requires 3 sets of people to view it, these are Users, Admins, and Developers. The application has about 15 different utilities, which some groups can view and some can't

 

I currently have my urls set up to /peaUtilities/utilityURL, but I want them to use

 

/peaUtilities/dev/utilityURL

/peaUtilities/admin/utilityURL

/peaUtilities/user/utilityURL

 

Now I'm going to use apache/tomcat to restrict access based on the user details that they have to provide for the server, that's not the problem. The problem is I have submission urls etc. that some people can view and some can't. I thought about taking the page-flow and surrounding groups with <page-group access="dev admin user"> then using XSLT to filter them as I need them. Any better ideas would be appreciated?

 

The other problem is the submissions, is there a way for it to carry the /dev part of the URL? Or how would I detect it?

 

Any ideas on this would be great, if anyone else has come up against this and has a solution that would be helpful!

 

Thanks in advance

 

Ryan Puddephatt

Software Engineer

TFX Group - IT UK

1 Michaelson Square

Livingston

West Lothian

Scotand

EH54 7DP

 

* [hidden email]

( 01506 407 110

7  01506 407 108

 

 



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto: [hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws




--
telephones
07921 906 453 (mobile)
07879 052 143 (alternative mobile)
01573 225 400 (Kelso)

address
1 Tweedsyde Park
Kelso
Roxburghshire
TD5 7RF



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Free forum by Nabble Edit this page