[Yanel-dev] User and Group Management

Michael Wechner michael.wechner at wyona.com
Thu Feb 15 15:39:48 CET 2007


Josias Thöny wrote:

> Michael Wechner wrote:
>
>> Josias Thöny wrote:
>>
>>> Hi all,
>>>
>>> I've added interfaces and a yarep-based implementation for user and 
>>> group management to the security package. It allows adding, 
>>> modifying and deleting users and groups, and managing the membership 
>>> of users in groups.
>>>
>>> Paloma, do you think it would be a lot of work to modify your 
>>> UserResource to use this API?
>>>
>>> I made the UserManager and the GroupManager accessible via the 
>>> IdentityManager:
>>>     identityManager.getUserManager()
>>> and
>>>     identityManager.getGroupManager()
>>> I'm not completely happy with that, any suggestions on how to 
>>> improve this are welcome. Should those two managers be instantiated 
>>> via spring instead?
>>
>>
>>
>>
>> how do we instantiate different implementations with this, e.g. LDAP, 
>> OpenID, ...?
>>
>> I think I remember now how I intended to do it in the first place:
>>
>> -  Having a generic API (independent of the implementation)
>> -  Using different Yarep implementations for the various use cases 
>> (Default, LDAP, OpenID, ...)
>
>
> That's not implemented yet, but I guess it shouldn't be too hard. The 
> API allows different implementations, the question is just how 
> to configure which implementation to use.
> We could use some kind of spring config mechanism, or add an attribute 
> class="my.cool.UserImpl" to e.g. the user xml files, as it is done in 
> Lenya. The user xml could also contain something like:
>
> <authenticator class="foo.bar.LDAPAuthenticator">
>     <ldap:id xmlns:ldap="http://foo.bar/ldap/1.0">lenya1</ldap:id>
> </authenticator>


right, but I think it's actually not such a good idea, because we don't 
just want to get the password from LDAP or whatever ....

I think it's better to do it via Yarep. We already pass a yarep 
repository to the IdentityManager.

I think it's important that we start a basic LDAP implementation to make 
sure that our API is generic enough.

WDYT?

Cheers

Michi

>
> IIUC that was your idea. This would require that the user 
> implementation understands this element and then uses the specific 
> Authenticator class. Basically it should be possible to implement that 
> without having to change the API (well, we might have to define an 
> Authenticator interface).
>
> josias
>
>
>>
>> Cheers
>>
>> Michi
>>
>>>
>>>
>>> If the new API is approved, I will make a few minor modifications to 
>>> YanelServlet, to correctly get the User and its Groups after logging 
>>> in. This should then allow setting policies based on groups.
>>>
>>> Any feedback is welcome.
>>>
>>> josias
>>>
>>> _______________________________________________
>>> Yanel-development mailing list
>>> Yanel-development at wyona.com
>>> http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
>>>
>>
>>
>
>
>


-- 
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
michael.wechner at wyona.com                        michi at apache.org
+41 44 272 91 61
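
An added illustration, not part of the original message or of Yanel's code: one way the quoted `<authenticator class="...">` element could select an implementation behind a generic interface. The `Authenticator` interface, the `LdapAuthenticator` stand-in and the `ALLOWED` registry are hypothetical; the class name is looked up in a fixed registry instead of being instantiated reflectively, so a user file cannot name an arbitrary class.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.function.Function;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class AuthenticatorConfigDemo {
    /** Hypothetical interface; the thread only says one might have to be defined. */
    interface Authenticator { boolean authenticate(String userId, char[] password); }

    /** Hypothetical stand-in for an LDAP-backed implementation; performs no real bind. */
    static final class LdapAuthenticator implements Authenticator {
        final String ldapId;
        LdapAuthenticator(Element cfg) {
            // Namespace URI and element name are taken from the quoted XML.
            ldapId = cfg.getElementsByTagNameNS("http://foo.bar/ldap/1.0", "id")
                        .item(0).getTextContent();
        }
        public boolean authenticate(String userId, char[] password) { return false; }
    }

    // Only names listed here can be selected; the name never reaches Class.forName().
    static final Map<String, Function<Element, Authenticator>> ALLOWED =
        Map.of("foo.bar.LDAPAuthenticator", LdapAuthenticator::new);

    static Authenticator load(String userXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // User files are data: refuse DTDs so they cannot declare external entities.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(userXml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        String cls = root.getAttribute("class");
        Function<Element, Authenticator> factory = ALLOWED.get(cls);
        if (factory == null) throw new SecurityException("authenticator class not allowed: " + cls);
        return factory.apply(root);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the element exactly as quoted in the thread.
        String xml = "<authenticator class=\"foo.bar.LDAPAuthenticator\">"
            + "<ldap:id xmlns:ldap=\"http://foo.bar/ldap/1.0\">lenya1</ldap:id></authenticator>";
        LdapAuthenticator a = (LdapAuthenticator) load(xml);
        System.out.println(a.ldapId);
    }
}
```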



