From: Saptarshi Purkayastha firstname.lastname@example.org
To: Murodullo Latifov email@example.com
Cc: Jo Størset firstname.lastname@example.org; Sundeep Sahay email@example.com; Jørn Braa firstname.lastname@example.org; DHIS 2 developers email@example.com
Sent: Monday, August 17, 2009 4:17:46 PM
Subject: Re: [Dhis2-devs] DHIS2 - Struts2 - Spring Security2
I’ve been playing around with this branch for the last 2 days… and congratulations with the move to Struts2… Interesting part of spring-security is where all url security is managed through a single xml. Not sure how we will use the UI to define these roles??
Roles are created as before, through maintenance-user module. We need to create some most used cases (e.g. admin, user, data entry) as well as individual operation authorities. Each available URL can be assigned to role (or group of URLs using expression). From UI one can select predefined role such as admin or user, or create another role with custom selection of available authorities plus predefined roles if needed.
But most of the old code is still existing and places where the access denied error comes, is where I see the new spring security being used. Im not quite sure still how the modules will be moving to use these changes. I believe its going to be some effort from now on…
Old code is there but muted, it has no use in current settings, none of them are populated as spring beans.xml. If you see Access denied in blank white page, that means new security is doing that. As for modular design, spring security XML config is used by all, individually or in a set of selected modules. Each module canhave its security authorities and roles in that xml, while module is not in use, these authorities remian unused.
Once I think we can move fully to these changes (which IMO will be a long effort), I hope we will see some performance improvements because we don’t scan through the module xmls any more… This branch at the moment is very much like our trunk and hopefully you are removing the old code out.
I’ll remove old code as obsolete or deprecated. Now and before on each iteration user credentials are rechecked, because all processes go through struts interceptors and they are called each time new URL comes in. This might be overhead, looking for ways to reduce it more.
Director R & D, HISP India
Health Information Systems Programme
My Tech Blog: http://sunnytalkstech.blogspot.com
You Live by CHOICE, Not by CHANCE
2009/8/14 Jo Størset firstname.lastname@example.org
Den 14. aug… 2009 kl. 12.12 skrev Murodullo Latifov:
The call is to tell us what kind of users you want to see and what access levels they have. For ordinary user to have access to change its password itself, you have to assign him role ROLE_dhis-web-maintenance-user, but its initial set, we are calling for more options ans intensive tests. You can assign user role as before through user settings menu option. Sorry links are not i18nized for now.
My comment was probably not very good. I was trying to understand the example Knut had, probably not understanding what it means to “generate users”. I´ll keep away until I actually have time to look at these things myself
Mailing list: https://launchpad.net/~dhis2-devs
Post to : email@example.com
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp