Skip to main content

Home/ SoftwareEngineering/ Group items tagged Permission

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

AllPermission (Apache Shiro 1.2.1 API) - 0 views

shiro.apache.org/...AllPermission.html

security ApacheShiro authorization AllPermission

shared by kuni katsuya on 23 Sep 12 - No Cached
  • AllPermission
  • always implies any other permission
    • kuni katsuya
      kuni katsuya on 23 Sep 12
       
      equivalent to *:*, ie. all actions on all resource types
  • implies method
  • ...2 more annotations...
  • always returns true
  • have the ability to do anything
kuni katsuya

Shiro Developer - Role "Nesting" or "Inheriting" and RolePermissionResolvers - 0 views

shiro-developer.582600.n2.nabble.com/issionResolvers-td5858003.html

ApacheShiro security permission inheritance

shared by kuni katsuya on 29 Aug 12 - No Cached
  • Shiro support the concept of role inheritance ­ roleA inherits permissions from roleB
  • A given realm knows only its roles, but my application understands the mapping of roles to permissions (or nested roles).  I have a single RolePermissionResolver that ties permissions to roles
  • Example: My security Manager: https://github.com/sonatype/security/blob/master/security-system/src/main/java/org/sonatype/security/DefaultRealmSecurityManager.java#L63
  • ...1 more annotation...
  • My RolePermissionResolver https://github.com/sonatype/security/blob/master/security-realms/security-xml-realm/src/main/java/org/sonatype/security/realms/XmlRolePermissionResolver.java#L47
kuni katsuya

Shiro User - Instance level security w/ Permissions | Threaded View - 0 views

shiro-user.582556.n2.nabble.com/y-w-Permissions-tt2218218.html

security ApacheShiro authorization AuthorizationInfo Role Permission optimization

shared by kuni katsuya on 03 Sep 12 - No Cached
  • idea is to try to keep the number per role low if possible
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      ie. keep number of permissions per role low for better performance
  • kuni katsuya on 03 Sep 12
     
    " idea is to try to keep the number per role low if possible"
kuni katsuya

Application Security With Apache Shiro - 0 views

www.infoq.com/...apache-shiro

security ApacheShiro

shared by kuni katsuya on 08 Aug 12 - No Cached
  • previously known as the JSecurity project
  • The word Subject is a security term that basically means "the currently executing user"
  • Core Concepts: Subject, SecurityManager, and Realms
  • ...12 more annotations...
  • Subject
  • 'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'
  • Subject currentUser = SecurityUtils.getSubject();
  • SecurityManager
  • SecurityManager manages security operations for all users
  • Realms
  • Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.
  • Realm is essentially a security-specific DAO
  • Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more
  • Authorization
  • A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.
  • “Run As” support for assuming the identity of another Subject
kuni katsuya

Terminology | Apache Shiro - 0 views

shiro.apache.org/terminology.html

ApacheShiro shiro security terminology

shared by kuni katsuya on 24 Aug 12 - No Cached
  • . Role
  • Role as simply a named collection of Permissions
  • This is a more concrete definition than the implicit one used by many applications
  • ...4 more annotations...
  • Permission
  • A Permission is only a statement of behavior, nothing more.
  • a statement that describes raw functionality in an application and nothing more
  • define only "What" the application can do
kuni katsuya

DomainPermission (Apache Shiro 1.2.1 API) - 0 views

shiro.apache.org/...DomainPermission.html

ApacheShiro DomainPermission JPA

shared by kuni katsuya on 29 Aug 12 - No Cached
  • used as a base class for JPA/Hibernate persisted permissions that wish to store the parts of the permission string in separate columns (e.g. 'domain', 'actions' and 'targets' columns)
kuni katsuya

[Shiro-user] permission everything but this item - Grokbase - 0 views

grokbase.com/...ssion-everything-but-this-item

security ApacheShiro authorization NegativePermission AllowDeny

shared by kuni katsuya on 04 Sep 12 - No Cached
  • No, 'negative' permissions are not supported out of the box due to thecomplexity and performance hit it would probably incur
kuni katsuya

Securing Data Access - 0 views

login.salesforce.com/...security_data_access.htm

security SecurityModel authorization PermissionScheme permissions example salesforce.com

shared by kuni katsuya on 07 Sep 12 - No Cached
kuni katsuya

Page - Facebook Developers - 0 views

developers.facebook.com/...page

shared by kuni katsuya on 25 Feb 13 - No Cached
kuni katsuya

Realm (Apache Shiro :: Core 1.1.0 API) - 0 views

127.0.0.1/...Realm.html

security ApacheShiro Realm authentication authorization user Role Permission

shared by kuni katsuya on 03 Sep 12 - No Cached
  • Interface Realm
  • AuthenticatingRealm
  • AuthorizingRealm
  • ...7 more annotations...
  • JdbcRealm
  • A Realm is a security component that can access application-specific security entities such as users, roles, and permissions to determine authentication and authorization operations
  • security-specific DAOs
  • If for some reason you don't want your Realm implementation to perform authentication duties, you should override the supports(org.apache.shiro.authc.AuthenticationToken) method to always return false
  • does not require you to implement or extend any User, Group or Role interfaces or classes
  • Shiro tries to maintain a non-intrusive development philosophy
  • Most users will not implement the Realm interface directly, but will extend one of the subclasses, AuthenticatingRealm or AuthorizingRealm, greatly reducing the effort requird to implement a Realm from scratch
kuni katsuya

AuthorizingRealm (Apache Shiro 1.2.1 API) - 0 views

shiro.apache.org/...AuthorizingRealm.html

security ApacheShiro authorization AuthorizingRealm realm

shared by kuni katsuya on 09 Sep 12 - No Cached
  • perform all role and permission checks automatically
  • getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method returns an AuthorizationInfo
  • subclasses do not have to write this logic
  • ...11 more annotations...
  • If caching is enabled and if any authorization data for an account is changed at runtime, such as adding or removing roles and/or permissions, the subclass implementation should clear the cached AuthorizationInfo for that account via the
  • clearCachedAuthorizationInfo method
  • getAuthorizationInfo
  • AuthorizingRealm
  • AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals)
  • Returns an account's authorization-specific information for the specified principals, or null if no account could be found
  • This implementation obtains the actual AuthorizationInfo object
  • from the subclass's implementation of doGetAuthorizationInfo
  • and then caches it for efficient reuse if caching is enabled
  • clearCachedAuthorizationInfo(PrincipalCollection principals)
  • Clears out the AuthorizationInfo cache entry for the specified account.
kuni katsuya

TH02-EP02-US004 - VFML Admin, Org Mgmt, Sync Properties - Projects - Confluence - 0 views

confluence.visualfrenzy.com/...viewpage.action

shared by kuni katsuya on 06 Dec 12 - No Cached
  • using EXCC
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      why is excc required as the mechanism?
  • sync properties
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      sync meaning: a. ensuring that chain-hotel relationships based on icpm data is represented the same way in the cube node structure? (eg. which hotels belong under which chains, and to keep dynamically/automatically updated as hotels are added/removed from chains) 2. or...?
  • As a VFML user
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      implies restriction of this action via authorization controls (ie. required vs granted permissions)
  • ...1 more annotation...
  • maintain an accurate listing of properties in an org
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      ie. cube node-org-chain tree reflects icpm relationships exactly & always
kuni katsuya

Edit Permissions - VFM Leonardo JIRA - 0 views

jira.vfmltech.com/...EditPermissions!default.jspa

shared by kuni katsuya on 18 Jan 13 - No Cached
  • Edit Issues
  • Administer Projects
  • Schedule Issues
    • kuni katsuya
      kuni katsuya on 18 Jan 13
       
      required for: - ranking issues (in backlog) https://confluence.atlassian.com/display/GH060/Ranking+an+Issue
  • ...25 more annotations...
  • Administer Projects
  • Administer Projects
  • Project Role (Product Owner)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Product Owner)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Single User (anton.marinov)
  • Single User (felix.zhuang)
  • Single User (jason.ibele)
  • Single User (cuneyt.tuna)
  • Project Role (Product Owner)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master) (
  • Project Role (Scrum Master)
  • Single User (parth.upadhye)
  • Project Role (Scrum Master)
  • Project Role (Product Owner)
  • Project Role (Product Owner)
  • Project Role (Scrum Master)
kuni katsuya

Johan's Blog - DaliCore on java.net - 0 views

www.lodgon.com/...DaliCore_on_javanet

authentication DaliCore SocialNetwork OAuth javaee6

shared by kuni katsuya on 27 Mar 13 - No Cached
kuni katsuya

Entity-attribute-value model - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Entity-attribute-value_model

eav sparse open schema

shared by kuni katsuya on 01 Jul 12 - Cached
  • Entity–attribute–value model
  • Entity–attribute–value model (EAV) is a data model to describe entities where the number of attributes (properties, parameters) that can be used to describe them is potentially vast, but the number that will actually apply to a given entity is relatively modest
  • also known as object–attribute–value model, vertical database model and open schema
  • ...21 more annotations...
  • In an EAV data model, each attribute-value pair is a fact describing an entity, and a row in an EAV table stores a single fact
  • EAV tables are often described as "long and skinny": "long" refers to the number of rows, "skinny" to the few columns
  • Data is recorded as three columns: The entity: the item being described. The attribute or parameter: a foreign key into a table of attribute definitions. At the very least, the attribute definitions table would contain the following columns: an attribute ID, attribute name, description, data type, and columns assisting input validation
  • The value of the attribute
  • Row modeling, where facts about something (in this case, a sales transaction) are recorded as multiple rows rather than multiple columns
  • differences between row modeling and EAV (which may be considered a generalization of row-modeling) are:
  • A row-modeled table is homogeneous in the facts that it describes
  • The data type of the value column/s in a row-modeled table is pre-determined by the nature of the facts it records. By contrast, in an EAV table, the conceptual data type of a value in a particular row depend on the attribute in that row
  • In the EAV table itself, this is just an attribute ID, a foreign key into an Attribute Definitions table
  • The Attribute
  • The Value
  • Coercing all values into strings
  • larger systems use separate EAV tables for each data type (including binary large objects, "BLOBS"), with the metadata for a given attribute identifying the EAV table in which its data will be stored
  • Where an EAV system is implemented through RDF, the RDF Schema language may conveniently be used to express such metadata
  • access to metadata must be restricted, and an audit trail of accesses and changes put into place to deal with situations where multiple individuals have metadata access
  • quality of the annotation and documentation within the metadata (i.e., the narrative/explanatory text in the descriptive columns of the metadata sub-schema) must be much higher, in order to facilitate understanding by various members of the development team.
  • Attribute metadata
  • Validation metadata include data type, range of permissible values or membership in a set of values, regular expression match, default value, and whether the value is permitted to be null
    • kuni katsuya
      kuni katsuya on 01 Jul 12
       
      jsr-299 bean validation anyone?  :)
  • Presentation metadata: how the attribute is to be displayed to the user
  • Grouping metadata: Attributes are typically presented as part of a higher-order group, e.g., a specialty-specific form. Grouping metadata includes information such as the order in which attributes are presented
  • Advanced validation metadata Dependency metadata:
‹ Previous 21 - 40 of 46 Next ›
Showing 20 items per page