[aida] Security

Janko Mivšek janko.mivsek at eranova.si
Tue Oct 9 11:27:21 CEST 2007


Dirk Verleysen wrote:

> It answers my question but it's not the answer I'd have liked to hear :-).
> 
> I'll try to do it with a script when I start my server.
> 

You can of course subclass and replace the current SecurityManager with your 
own, which is populated when your image starts. You can also save changes 
back to disk too.

Access rights are set in such a way that only symbols are used for App 
class names. All you need is to somehow recreate users and groups and 
preserve their identity in the access rights setup. This can be done easily 
with the introduction of uuids for users and groups. When you save security 
settings, use uuids instead of object references ...

Janko


> ----- Original Message ----- 
> From: "Janko Mivšek" <janko.mivsek na eranova.si>
> To: "AIDA/Web general discussion list" <aida na aidaweb.si>
> Sent: Tuesday, October 09, 2007 10:41 AM
> Subject: Re: [aida] Security
> 
> 
>> Dirk Verleysen wrote:
>>
>>> I'm starting to understand it, but how do you save your security 
>>> settings?
>> Security settings are saved in the image, as all other settings. So far I
>> didn't plan to save them differently. But I'm thinking to extend
>> user/group management with connection to LDAP server, so that you'll be
>> able to use an existing, common and centralized identity management in
>> some company.
>>
>> Did you mean that answer with your question?
>>
>> Best regards
>> Janko
>>
>>> Dirk
>>> ----- Original Message ----- 
>>> From: "Janko Mivšek" <janko.mivsek na eranova.si>
>>> To: "AIDA/Web general discussion list" <aida na aidaweb.si>
>>> Sent: Monday, October 08, 2007 10:16 PM
>>> Subject: Re: [aida] Security
>>>
>>>
>>>> Hi Dirk,
>>>>
>>>> I just came from the mountains, so the answer is a bit late :)
>>>>
>>>> And by the way, what an impressive web site you are building, not to
>>>> mention how feature rich it is already. Good work!
>>>>
>>>> Dirk Verleysen wrote:
>>>>
>>>>> Is there some documentation available on Security ?
>>>> No, not yet, mainly because I'd like to rewrite Admin>Security part
>>>> before.
>>>>
>>>> Just FYI: this part is actually one of the first Aida web apps back from
>>>> 1996, so you can have a clue how things got started :)
>>>>
>>>>> I added the following to my site:
>>>>>  (AIDASite named: 'SKH') urlResolver defaultURL: '/security.html'
>>>>> forObject: WebSecurityManager new.
>>>> I would not recommend to make another security manager, because there is
>>>> already one, accessible directly as anAIDASite securityManager and this
>>>> one is actually used by Aida while yours is not.
>>>>
>>>>> I now can add groups and users but cannot remove groups. Are there some
>>>>> rules for users and groups like Administrators, AllUsers, Guest ?
>>>> I see, group removing through web UI is currently broken, but you can
>>>> remove it manually through inspector for now. I'll patch this soon.
>>>>
>>>> User Guest is special because every user is Guest until he logs in. And
>>>> becomes Guest again when he logs out.
>>>>
>>>> Group Administrators is also special because users in that group have
>>>> kind of "root" privileges - they can do everything.
>>>>
>>>> Group AllUsers is another special one, because all users are members of
>>>> that group by default.
>>>>
>>>> Group Registered Users holds users who went successfully through a
>>>> complete registration process to that group.
>>>>
>>>> To set up access rights, you should:
>>>>
>>>> - for public access, set access rights to group AllUsers
>>>> - for access to all guest users, set user Guest
>>>> - for access to all logged-in users, set group Registered Users
>>>> - to limit access even more you can set rights to each individual user
>>>> or add your own groups and set rights to them
>>>>
>>>> Access rights can be set for every WebApplication subclass (that is your
>>>> App class) and for its every view and action (update).
>>>>
>>>>
>>>> I hope that helps a bit.
>>>>
>>>> Best regards
>>>> Janko
>>>>
>>>>
>>>>
>>>>> Dirk
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>> _______________________________________________
>>>>> Aida mailing list
>>>>> Aida na aidaweb.si
>>>>> http://lists.aidaweb.si/mailman/listinfo/aida
>>>> -- 
>>>> Janko Mivšek
>>>> AIDA/Web
>>>> Smalltalk Web Application Server
>>>> http://www.aidaweb.si
>>>>
>>
> 

-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
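
The save/restore idea from the message above, as an added example that is not part of the original post and is not Aida code: a small Python model in which access rights are keyed by App class name and view, and every reference to a user or group is written to disk as a uuid rather than an object reference. `Principal`, `SecurityStore` and their methods are hypothetical names; the special handling of Administrators and AllUsers follows the description quoted in the thread.

```python
import json
import uuid

ADMINS, ALL_USERS = "Administrators", "AllUsers"  # special groups named in the thread

class Principal:
    """User or group (hypothetical model); uid is the identity that survives save/load."""
    def __init__(self, name, uid=None):
        self.name, self.uid = name, uid or str(uuid.uuid4())
        self.members = set()  # member uids, used only when this is a group

class SecurityStore:
    def __init__(self):
        self.principals = {}  # uid -> Principal
        self.rights = {}      # (app class name, view) -> set of granted uids

    def add(self, name, uid=None):
        p = Principal(name, uid)
        self.principals[p.uid] = p
        return p

    def grant(self, app, view, principal):
        self.rights.setdefault((app, view), set()).add(principal.uid)

    def allowed(self, user, app, view):
        groups = [p for p in self.principals.values() if user.uid in p.members]
        if any(g.name == ADMINS for g in groups):
            return True  # Administrators can do everything
        holders = {user.uid} | {g.uid for g in groups}
        # every user is implicitly a member of AllUsers
        holders |= {p.uid for p in self.principals.values() if p.name == ALL_USERS}
        return bool(self.rights.get((app, view), set()) & holders)

    def dump(self):
        return json.dumps({
            "principals": [{"uid": p.uid, "name": p.name, "members": sorted(p.members)}
                           for p in self.principals.values()],
            "rights": [{"app": a, "view": v, "uids": sorted(u)}
                       for (a, v), u in self.rights.items()]})

    @classmethod
    def load(cls, text):
        data, store = json.loads(text), cls()
        for rec in data["principals"]:
            store.add(rec["name"], rec["uid"]).members = set(rec["members"])
        for r in data["rights"]:
            # Unknown uuids are dropped, so a stale entry grants nothing.
            store.rights[(r["app"], r["view"])] = {u for u in r["uids"] if u in store.principals}
        return store
```

Loading creates new user and group objects, yet the rights still resolve because they match on uuid; a uuid left behind by a deleted user or group is discarded at load time instead of being re-bound to a new principal.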

