Announcement Announcement Module
No announcement yet.
RCP and Security on a fine grained level? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • RCP and Security on a fine grained level?

    It's been a typical day here, I've wound up somewhere totally different than where I thought I would be - here.

    I was getting used to NetBeans GUI builder and trying to find an intuitive way to integrate Swing apps with Spring, which led me to explore the Swing app framework (JSR 296), which led me to multiple articles about how SAF currently sucks because of the underlying architecture and the reluctance/inability of that team to see the need to refactor it (not to mention that it may either be dead or released half baked).

    That said I kept seeing mention of Spring, IOC, and sometime Spring RCP.

    I use Spring (Security, Core, some other odds and ends) and I am familiar with it. I have implemented a Swing prototype that uses Spring Security to login/authenticate, and I started to implement using Permissions to tie various actions (enabling/disabling, showing/hiding) that are typical use cases in Swing apps where there are users with different security roles.

    So, I came back here and I am diving into RCP instead of SAF. Like most Spring projects I like what I see so far. Kind of disconcerting the scarcity of docs after 4+ years, but what are you going to do - SAF looks stillborn.

    Anyway, I was digging around the forum and the docs for info on security. The copy of the docs I dug up (literally had to go digging here) had a few paragraphs on security then just stopped hanging in midair, not even coming close to telling me what I want to know much less giving me any real info.

    This assumes you have a security controller named mySecurityController defined in your application context.
    Rest of the text
    Maybe my copy is corrupt?

    But enough b***** and on to my questions.

    I have downloaded the code/docs and searched through them, I've searched the forum and come up with these threads and references:

    So, I gather there is considerable code and logic for security. More than I thought there would be. Bravo. Well done.

    However, back to the use case - not necessarily enabling commands (which is useful), but simply enabling/disabling/hiding/showing a menu/button/etc. - is there a straightforward way to do this?

    I don't want to reinvent the wheel, but my solution seemed straight-forward. Although not particularly elegant it didn't seem ugly either and reused the concept of Java Permissions. I extended Permissions and in a policy file I create grants for permissions on particular components. I can then load those permissions for a given component and examine the roles and privileges in the grant. Based on that info I can then decide whether to enable/disable/etc.

    Seems cleaner than the typical hard coded approach you see in a lot of apps. The permissions/grants are decoupled and can be configured separately from the app/module. The logic doesn't need to know which role does what, it just matches the role of the grant to the role of the current user.

    So, is there something similar or better in RCP?

  • #2
    1.3.4. Commands
    The entire menu bar system and derived navigational structures are command based. In essence, this means youíll never make a JMenu or JMenuItem manually again. Ever. Simply put, youíll create a command, which contains code that needs to be executed (for example, change a view or print the current selected item). Spring Rich Client will handle the creation of the visual components and couple the command behavior to the visual componentís behavior.
    ^^ Partial answer - I think - at least for menus, possibly buttons etc. that generally have commands associated with them (I have done something similar before).

    But what about other components - like text fields?

    Does the same concept extend there?



    • #3
      Owkay... Security in Spring RCP. That's still one of the chapters I'm struggling with to document in time.

      Spring RCP has a complete integration with Spring Security. In short, commands can have a security controller assigned to them, which then enables or disables those commands based on that controller. Take a look at AbstractSecurityController.

      I'm looking at the moment into a more elegant solution which enables you to define in the commands context the authorities needed for running a specific command, instead of the current controller-per-role based system.

      The whole security concept is AOP based and revolves around the SecurityControllable interface.