smartweb-devel Mailing List for SmartWeb (Page 8)
Brought to you by:
rlogiacco
From: rlogiacco <rlo...@us...> - 2007-07-31 13:23:31
Other requirements I've missed are:

#. do not store clear password, instead store a hash of the password and on login check the provided password produces the same hash;
#. add a new status to mark users who MUST change their password on logon (useful for many actions);
#. add "password forgotten" functionality which must generate a new password, replace the old one and allow the caller to notify the new password to the user (by email, on screen, by SMS or any other communication channel you can think of).

rlogiacco wrote:
>
> Anyway, returning to the topic, I'm here to define the requisites of the
> module to share and clarify them once and for all.
>
> 1. users and groups should be treated in a similar manner being
> interchangeable;
> 2. the administrator must be able to tell the module "allow user/group X
> to operate in the role Y only if the function operates on object of type Z
> and id N [ and current time is between 8am and 6pm ]" with the last part
> optional and customizable;
> 3. permissions and rules should be customizable through a configuration
> file without intervention into the code, allowing a method level
> granularity similarly to the EJB security constraints;
> 4. users are stored by default on database, but other sources for data
> (LDAP for example) should be configurable;
> 5. no constraints between the auth module data and other modules to allow
> deployment on separate databases;
> 6. no class constraints and no requirements on the classes using the
> module: as stated before the security constraint should be activatable at
> configuration time (AOP should be the solution);
> 7. customizability both of authentication process and authorization
> process like "no logins for users in role X between 8pm and 8am" or
> "disallow requests to function F if more than 5 users already logged"
> through custom classes and configuration;
> 8. ability to load balance the module with the web application;
> 9. ability to check credentials both on presentation tier "show this field
> only if user is authorized" and on business tier "allow this operation
> only if user is authorized"
> 10. support for distributed presentation and business tiers (on two or
> more servers) and implicit transmission of credentials (needs integration
> with JAAS)
>
> Have I forgotten something?
>
> Roberto
>

--
View this message in context: http://www.nabble.com/Requirements-for-auth-module-tf3513039s17546.html#a11923937
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

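The three requirements at the top of the message above (store only a hash and compare on login, a "must change password" status, and a forgotten-password reset that replaces the old password), as an added example that is not part of the original post and is not SmartWeb code. All class, field and method names are hypothetical; the salted PBKDF2 derivation, the iteration count and the Java 8+ APIs are assumptions that go beyond the bare "hash" the post asks for.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added illustration; names are hypothetical, not SmartWeb's API. */
public class PasswordPolicyExample {

    enum Status { ACTIVE, MUST_CHANGE_PASSWORD }

    /** What the user store would hold: never the clear password, only salt and derived hash. */
    static final class Account {
        final String username;
        byte[] salt;
        byte[] hash;
        Status status = Status.ACTIVE;
        Account(String username) { this.username = username; }
    }

    private static final SecureRandom RNG = new SecureRandom();
    private static final int ITERATIONS = 210_000; // assumption: tune to your hardware
    private static final int KEY_BITS = 256;

    /** Slow, salted derivation so equal passwords do not produce equal stored values. */
    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    static void setPassword(Account a, char[] password, Status next) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);            // fresh salt on every password change
        a.salt = salt;
        a.hash = derive(password, salt);
        a.status = next;
    }

    /** Login check: re-derive from the supplied password and compare in constant time. */
    static boolean login(Account a, char[] supplied) throws GeneralSecurityException {
        return MessageDigest.isEqual(a.hash, derive(supplied, a.salt));
    }

    /** "Password forgotten": generate a new password, replace the old one, force a change. */
    static char[] resetForgottenPassword(Account a) throws GeneralSecurityException {
        byte[] raw = new byte[18];
        RNG.nextBytes(raw);
        char[] temp = Base64.getUrlEncoder().withoutPadding().encodeToString(raw).toCharArray();
        setPassword(a, temp, Status.MUST_CHANGE_PASSWORD);
        return temp; // the caller notifies the user over its chosen channel
    }

    public static void main(String[] args) throws GeneralSecurityException {
        Account alice = new Account("alice"); // constructed sample user
        setPassword(alice, "correct horse".toCharArray(), Status.ACTIVE);
        System.out.println("good password:  " + login(alice, "correct horse".toCharArray()));
        System.out.println("wrong password: " + login(alice, "wrong".toCharArray()));

        char[] temp = resetForgottenPassword(alice);
        System.out.println("old after reset: " + login(alice, "correct horse".toCharArray()));
        System.out.println("temp after reset: " + login(alice, temp) + ", status " + alice.status);
    }
}
```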
From: rlogiacco <rlo...@us...> - 2007-07-31 13:16:50
Agreed! :handshake:

Do you think you can start reorganizing the documentation site? I'll provide you any support you can need... :-)

amarini wrote:
>
> Here some guidelines to organize the documentation.
>
> In the first page we should explain who can draw utility by using SmartWeb
> running from the typology of applications for which it is recommended, in
> what it differs from others OpenSource, which problematic it tries to
> resolve and in what way.
>
> The user’s manual should be split up for the several tier, following
> the suggestion that we give, to separate the tasks, for tier. For every
> tier we should describe how the interaction with the adjacent tier
> happens, which are the tools that we put on hand and how use them. This
> manual should cover also JUnit’s tests realization.
>
> Side by side we should produce a tutorial that could guide step to step in
> the realization of a web application (e-commerce web site seems to be a
> tempting example). It could also be used inside in order to demonstrate
> the different phases of a project, like how made the analysis when and how
> made tests.
>
> The guide to the configuration instead should be something much specific
> referred to configuration’s files (currently they are only copies of
> external configuration’s files….).
>
> In this viewpoint the architecture, that at the moment is one of main
> documents, should become a secondary document recalled from other
> documents (in the home, the user’s manual and in the study case).
>
>

--
View this message in context: http://www.nabble.com/How-organize-documentation-tf4051907s17546.html#a11923795
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: amarini <ann...@gm...> - 2007-07-09 20:47:09
Here some guidelines to organize the documentation.

In the first page we should explain who can draw utility by using SmartWeb running from the typology of applications for which it is recommended, in what it differs from others OpenSource, which problematic it tries to resolve and in what way.

The user’s manual should be split up for the several tier, following the suggestion that we give, to separate the tasks, for tier. For every tier we should describe how the interaction with the adjacent tier happens, which are the tools that we put on hand and how use them. This manual should cover also JUnit’s tests realization.

Side by side we should produce a tutorial that could guide step to step in the realization of a web application (e-commerce web site seems to be a tempting example). It could also be used inside in order to demonstrate the different phases of a project, like how made the analysis when and how made tests.

The guide to the configuration instead should be something much specific referred to configuration’s files (currently they are only copies of external configuration’s files….).

In this viewpoint the architecture, that at the moment is one of main documents, should become a secondary document recalled from other documents (in the home, the user’s manual and in the study case).

--
View this message in context: http://www.nabble.com/How-organize-documentation-tf4051907s17546.html#a11509452
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: amarini <ann...@gm...> - 2007-07-05 12:03:10
Here is a short document that would be the exposition of my previous ER diagram... Let me know if you need more extending.
Thanks

AUTHORIZATIONS

The module for authorizations management has a much simple structure. It must come out easy performing and understanding but at the same time it must be useful, highly flexible such to produce it untied from the chosen platform for the applications development. For this reason, the entities reflect the greater problems but at the same time the most common reality. The module resolves both authentication and permissions.

AUTHENTICATION

The authentication occurs through the ascription of a user and/or a group to a subject. Defined features belong to the subject and they allow to bridge possible external structures in order to couple the useful information to the regular management of the authentication of the subject.

PERMISSIONS

The permissions are declared through their grant to a subject. They are composed from the definition of the scopes and from the privileges that belong to the specific roles of the subject. The scopes define necessary properties to specify the limit of action for the tracing of the data and they are directly tied to permissions. The privileges establish the allowed functionalities for the role attributed to the subject and they are directly tied to roles.

--
View this message in context: http://www.nabble.com/Requirements-for-auth-module-tf3513039s17546.html#a11445153
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: amarini <ann...@gm...> - 2007-06-28 09:19:10
Here the diagram…

I identify a subject to which I tie some features, to bridge possible external structures, to allow for example a registry identification or to describe subject’s qualities, etc....

The user and/or the group complete the authentication of a subject, while, the pertinent authorizations are declared from scopes and privileges (the last ones, directly tied to the role). The scopes define the requisite properties to specify the limit of action for the tracing of the data while the privileges establish the allowed functionalities for the attributed role.

I’ll wait your remark…

http://www.nabble.com/file/p11339787/er1.clay er1.clay

--
View this message in context: http://www.nabble.com/Requirements-for-auth-module-tf3513039s17546.html#a11339787
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: rlogiacco <rlo...@us...> - 2007-06-22 20:29:48
amarini wrote:
>
> My idea on the management of the authorizations is that the structure must
> be the much simple one, easy performing and understanding but at the same
> time useful, highly flexible and untied from the platform.
>

We share the same vision :-)

amarini wrote:
>
> A user, assimilating to others, can approach something, often leaked and
> can manage it to a defined level: user, group, role, property, permission.
> All without subordination of an entity to one another: a user can be in
> relation to one or more groups but can also be free and vice versa; both
> can have one or more roles to which grant permissions in order to manage
> the access to the functionalities (where to navigate, what to visualize,
> how to interact) and both can have property in order to manage the tracing
> of the data (which geographic, economic, temporal contents…).
>

Actually you depicted 90% of the smartweb auth module, but you added something: a new perspective to the problem which I would better investigate. I think you are proposing to resolve the scope and function problems with a standard parameters map through which associate properties to roles and users... It could be a simple solution to the big problem: what about helping us to analyze the idea? I think a little bit of documentation can help: an ER or class diagram should do the trick to clarify the idea.

I think applying the AOP paradigm to the Jakarta Struts Taglib we can easily use the properties map to simplify the JSP development... more I think about it and more I like your suggestion!

Can you provide a diagram of some sort?

--
View this message in context: http://www.nabble.com/Requirements-for-auth-module-tf3513039s17546.html#a11259530
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: amarini <ann...@gm...> - 2007-06-22 18:30:00
On purpose of authorizations…

My idea on the management of the authorizations is that the structure must be the much simple one, easy performing and understanding but at the same time useful, highly flexible and untied from the platform.

For this reason, the entities I think to, reflect the greater problems but at the same time the most common reality.

A user, assimilating to others, can approach something, often leaked and can manage it to a defined level: user, group, role, property, permission.

All without subordination of an entity to one another: a user can be in relation to one or more groups but can also be free and vice versa; both can have one or more roles to which grant permissions in order to manage the access to the functionalities (where to navigate, what to visualize, how to interact) and both can have property in order to manage the tracing of the data (which geographic, economic, temporal contents…).

Annamaria

--
View this message in context: http://www.nabble.com/Requirements-for-auth-module-tf3513039s17546.html#a11257671
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: rlogiacco <rlo...@us...> - 2007-05-29 12:34:21
As promised a new feature request http://sourceforge.net/tracker/index.php?func=detail&aid=1727445&group_id=163839&atid=829327 1727445 was submitted for this topic.

rlogiacco wrote:
>
> If none argues with that I'll submit a feature request on the tracking
> system in the next days.
>
>
> rlogiacco wrote:
>>
>> I hardly suggest to add a date picker component to help valorizing the
>> date fields.
>> The optimal solution should be a localized component which could handle:
>>
>> * localized date formats (USA uses mm/dd/yyyy while EU uses dd/mm/yyyy)
>> * localized week formats (English countries use Sunday as first day of
>> the week while Latin countries use Monday)
>> * customizable holidays (it could be the hardest part as Easter is not easy
>> to code and they change on a political basis and frequency...)
>>
>
>

--
View this message in context: http://www.nabble.com/Missing-a-decent-date-picker-tf3511890s17546.html#a10853181
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: rlogiacco <rlo...@us...> - 2007-05-29 12:00:07
It would be nice to have the auth module pages to allow logging in through a pseudo pop-up window like in our wiki as this is the less intrusive and most efficient way to collect that information without needing to present an additional login form on every page.

The same should be implemented if the session has expired or if someone is trying to access a protected resource without having already logged in.

As an example of what I'm talking about please refer to http://smartweb.wikidot.com/ and click on the login anchor.

--
View this message in context: http://www.nabble.com/AJAX-style-for-auth-module-tf3833411s17546.html#a10852640
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: rlogiacco <rlo...@us...> - 2007-05-17 12:19:43
If none argues with that I'll submit a feature request on the tracking system in the next days.

rlogiacco wrote:
>
> I hardly suggest to add a date picker component to help valorizing the
> date fields.
> The optimal solution should be a localized component which could handle:
>
> * localized date formats (USA uses mm/dd/yyyy while EU uses dd/mm/yyyy)
> * localized week formats (English countries use Sunday as first day of
> the week while Latin countries use Monday)
> * customizable holidays (it could be the hardest part as Easter is not easy
> to code and they change on a political basis and frequency...)
>

--
View this message in context: http://www.nabble.com/Missing-a-decent-date-picker-tf3511890s17546.html#a10663098
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: rlogiacco <rlo...@us...> - 2007-05-11 11:39:04
rlogiacco wrote:
>
> 1. users and groups should be treated in a similar manner being
> interchangeable;
> 2. the administrator must be able to tell the module "allow user/group X
> to operate in the role Y only if the function operates on object of type Z
> and id N [ and current time is between 8am and 6pm ]" with the last part
> optional and customizable;
> 3. permissions and rules should be customizable through a configuration
> file without intervention into the code, allowing a method level
> granularity similarly to the EJB security constraints;
> 4. users are stored by default on database, but other sources for data
> (LDAP for example) should be configurable;
> 5. no constraints between the auth module data and other modules to allow
> deployment on separate databases;
> 6. no class constraints and no requirements on the classes using the
> module: as stated before the security constraint should be activatable at
> configuration time (AOP should be the solution);
> 7. customizability both of authentication process and authorization
> process like "no logins for users in role X between 8pm and 8am" or
> "disallow requests to function F if more than 5 users already logged"
> through custom classes and configuration;
> 8. ability to load balance the module with the web application;
> 9. ability to check credentials both on presentation tier "show this field
> only if user is authorized" and on business tier "allow this operation
> only if user is authorized"
> 10. support for distributed presentation and business tiers (on two or
> more servers) and implicit transmission of credentials (needs integration
> with JAAS)
>
> Have I forgotten something?
>

Yes, I forgot to mention the anonymous user: we should define a constant referencing the non authenticated users, also known as guest or anonymous. With this constant we can easily avoid NullPointerExceptions and unnecessary code branchings I think.

If you get any ideas, please submit them!

--
View this message in context: http://www.nabble.com/Requirements-for-auth-module-tf3513039s17546.html#a10430270
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: rlogiacco <rlo...@us...> - 2007-04-03 13:32:40
It may sound rough, but actually the most important module of the framework is no more working! We should solve this big problem urgently and give it back to the community for upgrades, improvements but mostly for usage!!!

Actually the problem was introduced because a major update started a few months ago, but I have to admit I committed a big mistake not branching before starting to work to the next generation module. Personally I think now is too late to fall back 'cause we are pretty near to the end.

For the future and for every module coordinator I strongly suggest to branch before starting a new implementation: you can work without feeling your users' breath over your neck... ;)

Anyway, returning to the topic, I'm here to define the requisites of the module to share and clarify them once and for all.

1. users and groups should be treated in a similar manner being interchangeable;
2. the administrator must be able to tell the module "allow user/group X to operate in the role Y only if the function operates on object of type Z and id N [ and current time is between 8am and 6pm ]" with the last part optional and customizable;
3. permissions and rules should be customizable through a configuration file without intervention into the code, allowing a method level granularity similarly to the EJB security constraints;
4. users are stored by default on database, but other sources for data (LDAP for example) should be configurable;
5. no constraints between the auth module data and other modules to allow deployment on separate databases;
6. no class constraints and no requirements on the classes using the module: as stated before the security constraint should be activatable at configuration time (AOP should be the solution);
7. customizability both of authentication process and authorization process like "no logins for users in role X between 8pm and 8am" or "disallow requests to function F if more than 5 users already logged" through custom classes and configuration;
8. ability to load balance the module with the web application;
9. ability to check credentials both on presentation tier "show this field only if user is authorized" and on business tier "allow this operation only if user is authorized"
10. support for distributed presentation and business tiers (on two or more servers) and implicit transmission of credentials (needs integration with JAAS)

Have I forgotten something?

Roberto

--
View this message in context: http://www.nabble.com/Requirements-for-auth-module-tf3513039s17546.html#a9810970
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

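Requirements 1, 2 and 7 from the message above, together with the guest constant proposed in the follow-up, as an added example that is not part of the original posts and is not SmartWeb code. Every name is hypothetical, users and groups are assumed to share one namespace, and the code assumes Java 16+ for records.

```java
import java.time.LocalTime;
import java.util.List;
import java.util.Set;

/** Added illustration (Java 16+); all names are hypothetical, not SmartWeb's API. */
public class ScopedRuleExample {

    /** A user plus the groups it belongs to. */
    record Principal(String name, Set<String> groups) {
        // Requirement 1: a rule subject may name either a user or a group.
        boolean matches(String subject) { return name.equals(subject) || groups.contains(subject); }
    }

    /** Constant for non-authenticated callers, so no code path has to handle null. */
    static final Principal GUEST = new Principal("guest", Set.of());

    /** Requirement 2: subject X may act in role Y on object (type Z, id N), optionally in a time window. */
    record Rule(String subject, String role, String type, String id, LocalTime from, LocalTime to) {
        boolean permits(Principal p, String wantedRole, String objType, String objId, LocalTime now) {
            return p.matches(subject) && role.equals(wantedRole)
                    && type.equals(objType) && id.equals(objId)
                    && (from == null || to == null || inWindow(from, to, now));
        }
    }

    static boolean inWindow(LocalTime from, LocalTime to, LocalTime now) {
        if (from.isBefore(to)) {
            return !now.isBefore(from) && now.isBefore(to);   // same-day window, e.g. 08:00-18:00
        }
        return !now.isBefore(from) || now.isBefore(to);       // wraps midnight, e.g. 20:00-08:00
    }

    /** Default deny: access is granted only when some rule explicitly permits it. */
    static boolean isAllowed(List<Rule> rules, Principal caller, String role,
                             String objType, String objId, LocalTime now) {
        Principal p = (caller == null) ? GUEST : caller;
        return rules.stream().anyMatch(r -> r.permits(p, role, objType, objId, now));
    }

    public static void main(String[] args) {
        // Constructed sample rules and principals.
        List<Rule> rules = List.of(
                new Rule("editors", "publisher", "Article", "42", LocalTime.of(8, 0), LocalTime.of(18, 0)),
                new Rule("nightops", "operator", "Queue", "7", LocalTime.of(20, 0), LocalTime.of(8, 0)));
        Principal bob = new Principal("bob", Set.of("editors"));
        Principal eve = new Principal("eve", Set.of("nightops"));

        System.out.println("bob 09:30 article 42: "
                + isAllowed(rules, bob, "publisher", "Article", "42", LocalTime.of(9, 30)));
        System.out.println("bob 19:00 article 42: "
                + isAllowed(rules, bob, "publisher", "Article", "42", LocalTime.of(19, 0)));
        System.out.println("bob 09:30 article 43: "
                + isAllowed(rules, bob, "publisher", "Article", "43", LocalTime.of(9, 30)));
        System.out.println("eve 02:00 queue 7:    "
                + isAllowed(rules, eve, "operator", "Queue", "7", LocalTime.of(2, 0)));
        System.out.println("no login, article 42: "
                + isAllowed(rules, null, "publisher", "Article", "42", LocalTime.of(9, 30)));
    }
}
```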
From: rlogiacco <rlo...@us...> - 2007-04-03 11:58:51
I hardly suggest to add a date picker component to help valorizing the date fields.
The optimal solution should be a localized component which could handle:

* localized date formats (USA uses mm/dd/yyyy while EU uses dd/mm/yyyy)
* localized week formats (English countries use Sunday as first day of the week while Latin countries use Monday)
* customizable holidays (it could be the hardest part as Easter is not easy to code and they change on a political basis and frequency...)

--
View this message in context: http://www.nabble.com/Missing-a-decent-date-picker-tf3511890s17546.html#a9808776
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: rlogiacco <rlo...@us...> - 2007-04-03 11:52:42
I think a component to show the upload progress for the file module could be appreciated by the community both as a tool and as an example.

Actually an AJAX implementation should be easy to implement. Maybe this could become a feature request into the tracking system...

--
View this message in context: http://www.nabble.com/Upload-progress-bar-for-file-module-tf3511732s17546.html#a9808548
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: rlogiacco <rlo...@us...> - 2007-03-29 11:01:20
I was wondering if a better support for privacy consent is needed into the registry module.

Actually if we want to store such kind of information we need to define a custom property into the Entry instance, maybe storing into a constant the property key. Such approach is obviously:

* unperformant as reading this field needs accessing another table and searching for entries with a specific value needs a table join
* unflexible as searching for more than one property needs a multiple full join on the properties table
* error prone as the property key may be already in use or misspelled

I thought a bitmask field into the Entry class could solve the problem at its root as it allows:

* multiple true/false settings for independent levels of privacy authorizations
* fast and flexible searches
* small size increase as with a short we can handle 16 independent levels which should be a lot more than actually needed by anyone and it can be easily increased up to 64

In general the same approach could be used for profiling basing on a true/false basis...

Waiting for your opinions before opening a feature request on the tracking system here at SourceForge

--
View this message in context: http://www.nabble.com/Privacy-consent-in-registry-module-tf3485703s17546.html#a9731003
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

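The bitmask proposal above, as an added example that is not part of the original post and is not SmartWeb code: 16 consent levels in a `short`, the search predicate, and the sign-extension trap that appears when the field is later widened towards 64 bits. The consent names and the `Entry` record are hypothetical stand-ins, and the code assumes Java 16+.

```java
import java.util.ArrayList;
import java.util.List;

/** Added illustration (Java 16+); names are hypothetical, not SmartWeb's registry classes. */
public class ConsentMaskExample {

    /** Hypothetical consent levels; each owns one bit of the 16-bit field. */
    enum Consent {
        NEWSLETTER(0), THIRD_PARTY_SHARING(1), PROFILING(2), RESEARCH_USE(15);
        final int bit;
        Consent(int bit) { this.bit = bit; }
    }

    /** Stand-in for the registry Entry carrying the proposed bitmask column. */
    record Entry(String name, short consent) {}

    static short grant(short mask, Consent c)  { return (short) (mask | (1 << c.bit)); }
    static short revoke(short mask, Consent c) { return (short) (mask & ~(1 << c.bit)); }

    static short maskOf(Consent... levels) {
        short m = 0;
        for (Consent c : levels) m = grant(m, c);
        return m;
    }

    /** True only if every required bit is set; the SQL form is (consent & :req) = :req. */
    static boolean hasAll(short mask, short required) {
        return (mask & required) == required;
    }

    /** One pass and no join: the search the post calls fast and flexible. */
    static List<String> withConsent(List<Entry> entries, Consent... required) {
        short req = maskOf(required);
        List<String> names = new ArrayList<>();
        for (Entry e : entries) {
            if (hasAll(e.consent(), req)) names.add(e.name());
        }
        return names;
    }

    /**
     * Widening to 64 levels: a plain (long) cast sign-extends bit 15 and would
     * silently grant levels 16..63. Masking keeps only the 16 stored bits.
     */
    static long widen(short mask) { return mask & 0xFFFFL; }

    public static void main(String[] args) {
        // Constructed sample entries.
        List<Entry> entries = List.of(
                new Entry("anna", maskOf(Consent.NEWSLETTER, Consent.RESEARCH_USE)),
                new Entry("bruno", maskOf(Consent.NEWSLETTER)),
                new Entry("carla", (short) 0));

        System.out.println(withConsent(entries, Consent.NEWSLETTER));
        System.out.println(withConsent(entries, Consent.NEWSLETTER, Consent.RESEARCH_USE));

        short anna = entries.get(0).consent();
        System.out.println("after revoke: " + hasAll(revoke(anna, Consent.NEWSLETTER),
                maskOf(Consent.NEWSLETTER)));
        System.out.println("naive cast: " + Long.toBinaryString((long) anna));
        System.out.println("masked:     " + Long.toBinaryString(widen(anna)));
    }
}
```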
From: lucantonio c. <lc...@gm...> - 2007-02-08 13:59:35
Registration request lcofone

Hi GURU

--
Lucantonio Cofone
Java Developer

From: rlogiacco <rlo...@us...> - 2007-02-08 11:45:08
I started to think the .hcf extension modification was not a so brilliant idea for at least two reasons:

1. it confuses developers which tend to have difficulties to understand it's just a hibernate.cfg.xml file with a different name;
2. it confuses programs which need to be configured properly to understand it's an XML file.

Maybe it would be better to switch back to the standard naming to solve these problems, but we still need to allow custom additional files to be deployed in a shared area. Maybe a hibernate[-modulename].cfg.xml schema is what we need.

The impact on the file naming is strong as will be the impact on users knowledge: those who already understood the .hcf extension will be confused, but the new ones should find this simpler. We can also allow for both naming for a while...

Waiting for comments and ideas.

--
View this message in context: http://www.nabble.com/Configuration-file-extension-misleading-tf3192869s17546.html#a8863906
Sent from the SmartWeb Developers mailing list archive at Nabble.com.

From: Roberto Lo G. <rlo...@la...> - 2007-01-30 09:28:37
This is an anti spam test message, please ignore.

---
Roberto Lo Giacco

From: rlogiacco <rlo...@us...> - 2006-12-14 19:48:19
--
View this message in context: http://www.nabble.com/Welcome-developer-%21-tf2823023s17546.html#a7879702
Sent from the SmartWeb Developers mailing list archive at Nabble.com.