Janko,
Is there some documentation available on Security?

I added the following to my site:

(AIDASite named: 'SKH') urlResolver defaultURL: '/security.html' forObject: WebSecurityManager new.

I now can add groups and users but cannot remove groups. Are there some rules for users and groups like Administrators, AllUsers, Guest?

Dirk
Hi Dirk,
I just came from the mountains, so the answer is a bit late :)

And by the way, what an impressive web site you are building, not to mention how feature rich it already is. Good work!

Dirk Verleysen wrote:

> Is there some documentation available on Security ?

No, not yet, mainly because I'd like to rewrite the Admin>Security part before.

Just FYI: this part is actually one of the first Aida web apps back from 1996, so you can have a clue how things got started :)

> I added the following to my site:
> (AIDASite named: 'SKH') urlResolver defaultURL: '/security.html'
> forObject: WebSecurityManager new.

I would not recommend making another security manager, because there is already one, accessible directly as anAIDASite securityManager, and this one is actually used by Aida while yours is not.

> I now can add groups and users but cannot remove groups. Are there some
> rules for users and groups like Administrators, AllUsers, Guest ?

I see, group removing through the web UI is currently broken, but you can remove it manually through the inspector for now. I'll patch this soon.

User Guest is special because every user is Guest until he logs in, and becomes Guest again on logout.

Group Administrators is also special because users in that group have kind of "root" privileges - they can do everything.

Group AllUsers is another special one, because all users are members of that group by default.

Group Registered Users holds users who went successfully through a complete registration process to that group.

To set up access rights, you should:

- for public access, set access rights to group AllUsers
- for access to all guest users, set user Guest
- for access to all logged-in users, set group Registered Users
- to limit access even more you can set rights to each individual user or add your own groups and set rights to them

Access rights can be set for every WebApplication subclass (that is your App class) and for its every view and action (update).

I hope that helps a bit.

Best regards
Janko

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
I'm starting to understand it, but how do you save your security settings?
Dirk
Dirk Verleysen wrote:
> I'm starting to understand it, but how do you save your security settings?

Security settings are saved in the image, as all other settings. So far I didn't plan to save them differently. But I'm thinking to extend user/group management with a connection to an LDAP server, so that you'll be able to use an existing, common and centralized identity management in some company.

Did you mean that answer with your question?

Best regards
Janko
Janko,
It answers my question but it's not the answer I'd have liked to hear :-).

I'll try to do it with a script when I start my server.

Dirk
Dirk Verleysen wrote:
> It answers my question but it's not the answer I'd liked to hear :-).
>
> I'll try to do it with a script when I start my server.

You can of course subclass and replace the current SecurityManager with your own, which is populated when your image starts. You can also save changes back to disk too.

Access rights are set in such a way that only symbols are used for App class names. All you need is to recreate somehow users and groups and preserve their identity in the access rights setup. This can be done easily with the introduction of uuids for users and groups. When you save security settings, use uuids instead of object references ...

Janko
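Added example, not part of the thread and not Aida/Web code: a small Python model of the approach described in the last message, where users, groups and access rights are saved and restored by uuid instead of by object reference, with the special-group rules from earlier in the thread applied on lookup. The `SecurityStore` class, its JSON layout and the names `SKHApp` and `main` are assumptions made for illustration.

```python
import json
import uuid

ADMINS, ALL_USERS = "Administrators", "AllUsers"

class SecurityStore:
    """Users, groups and access rights, all keyed by uuid (constructed model)."""
    def __init__(self, users=None, groups=None, rights=None):
        self.users = users or {}    # uuid -> user name
        self.groups = groups or {}  # uuid -> {"name": ..., "members": [user uuids]}
        self.rights = rights or {}  # "AppClass/view" -> [user or group uuids]
        # Fail closed: a right naming an unknown uuid means the saved file is inconsistent.
        known = set(self.users) | set(self.groups)
        for key, ids in self.rights.items():
            if set(ids) - known:
                raise ValueError(f"{key}: unknown principal uuid")

    def add_user(self, name):
        uid = str(uuid.uuid4())
        self.users[uid] = name
        return uid

    def add_group(self, name, members=()):
        gid = str(uuid.uuid4())
        self.groups[gid] = {"name": name, "members": list(members)}
        return gid

    def grant(self, app, view, principal):
        self.rights.setdefault(f"{app}/{view}", []).append(principal)

    def allowed(self, uid, app, view):
        # Every user is implicitly a member of AllUsers.
        mine = {g for g, rec in self.groups.items()
                if rec["name"] == ALL_USERS or uid in rec["members"]}
        # Members of Administrators can do everything.
        admin = any(self.groups[g]["name"] == ADMINS for g in mine)
        granted = set(self.rights.get(f"{app}/{view}", []))
        return admin or uid in granted or bool(mine & granted)

    def dump(self):
        return json.dumps(vars(self), sort_keys=True)

    @classmethod
    def load(cls, text):
        return cls(**json.loads(text))

def demo():
    s = SecurityStore()
    guest, dirk, root = (s.add_user(n) for n in ("Guest", "dirk", "root"))
    s.add_group(ALL_USERS)
    s.add_group(ADMINS, [root])
    registered = s.add_group("Registered Users", [dirk])
    s.grant("SKHApp", "main", registered)    # hypothetical app class and view
    restored = SecurityStore.load(s.dump())  # stands in for a freshly started image
    return [restored.allowed(u, "SKHApp", "main") for u in (guest, dirk, root)]
```

Because rights refer to principals only by uuid, the restored store answers the same access questions as the original, and a saved file that references a uuid with no matching user or group is rejected at load time rather than silently granting or dropping a right.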