Menu
▾
▴
Re: [Exist-development] security refactoring
|
From: Dmitriy S. <sha...@gm...> - 2010-08-22 17:50:36
|
Hi All, I did made second stage commits: - new account 'SYSTEM' - id = 0, all documents & collections under /db/system (& system itself) owned by this account & DBA group - split User to Account & Subject, only one account instance per account. Subject have reference to it & also will response for authentication - finish security storage changes (one question left: delete principal procedure. I don't want to delete information, all metadata must be checked for references firstly) - hot configuration engine The API was changed: - add getRealmId methods to Principal - for Account manipulation to have 'Account' (change getUser to getAccount) - for Group manipulation to have 'Group' (change group manipulation methods to have 'group' in name instead of 'role') - 'add', 'update', 'delete' principal manipulations methods to have 'add', 'update', 'delete' TODO: 1. fix backup restore, automatic /db/system/users.xml migration question 2. principal delete procedure 3. make sure that old clients will work with new API, as example oXygen with old libs 4. stabilization This week I plan to finish refactoring & next LDAP & AD realms (hope, till September) On Wed, 2010-08-11 at 23:05 +0500, Dmitriy Shabanov wrote: > Hello, > > I did made first commit > ttp://exist.svn.sourceforge.net/exist/?rev=12393&view=rev > > WARNING: this commit disable SecurityManager reloading > on /db/system/users.xml document changes (switching to new mechanism) > -- Cheers, Dmitriy Shabanov |
