blob: c961fd4901cf92e26c182e17ccea41eaddbd66e2 [file] [log] [blame]
ExecutionContext and Security-Aware Artifacts Notes
2009-08-26: I put this text file in the branch as a means
of keeping anyone who is interested updated on the progress
of the branch.
This branch is an implementation of the Security-Aware Artifacts
design document -
and it is a work in progress.
The ExecutionContext and AuthorizationManager interfaces are
scattered across several components due to the cross-dependency
or circular-dependency issue. Cross-dependency is when Class
A references Class B, and Class B references Class A, and both
classes are in separate components. There is no way to get them
to compile. The problem is compounded in ExecutionContext and
AuthorizationManager because they reference 3 or 4 components.
The branch David created attempts to solve this problem, but
it is not finished.
The workaround I came up with was to have the lowest level methods
declared in the api component, then have each component extend
the interfaces and add their methods. It's not pretty, but it works.
This is where you can find the interfaces:
When the cross-dependency issues are solved, all of the extended
interfaces will be consolidated into one.
The interface implementations can be found in the context component.
The ultimate goal of ExecutionContext is to have all client code
get the contained objects from ExecutionContext only - instead of
getting them from the various classes now in use. This initial
implementation focuses more on the ExecutionContext's role as
a means of tracking the execution path - which is needed for the
security-aware artifacts.
The AuthorizationManager and AccessController interfaces are based
on the* classes, and they are intended to be
implementation-agnostic. OFBiz will have an implementation based
on the entity engine, but the goal is to be able to swap out that
implementation with another.
If you want to see the ExecutionContext and AccessController in
action, change the settings in You'll see info
messages in the console log.
2009-08-26: Added security-aware Freemarker transform. Template
sections can be controlled with:
<@ofbizSecurity permission="view" artifactId="thisTemplate">Some text</@ofbizSecurity>
If the user has permission to view the artifact, then "Some text"
will be rendered.
2009-08-28: Permissions checking has been implemented. The code has
a few bugs, and there are places where the ExecutionContext isn't being
passed along, so OFBiz won't run with the AuthorizationManager enabled.
Consequently, the AuthorizationManager is disabled by default. When it
is disabled, it still "pretends" to check permissions, but it always
grants access. You can enable it with a property in
When a user first logs in, all of their permissions are gathered from the
security entities and are used to assemble a tree-like Java structure.
The structure is cached. When an artifact requests the user's permissions,
a permission object (OFBizPermission) uses the supplied artifact ID to traverse
the tree, accumulating permissions along the way. This is how permission
inheritance is achieved. The permission object is then queried if the user
has the requested permission and the result is returned to the artifact.
2009-12-23: This branch will not be synchronized with the trunk from now on.
I tried to do a merge from the trunk and there were too many conflicts to
resolve. When the time comes to implement the security-aware artifacts in
the trunk, the handful of affected classes can be ported over manually.
2009-12-28: Major rewrite. I created a utility class of static methods
(ThreadContext) to make using the ExecutionContext easier. Instead of
trying to pass an ExecutionContext instance throughout the framework,
you can use the ThreadContext static methods instead. The ThreadContext
class keeps an ExecutionContext instance per thread. We just need to
make sure all OFBiz entrance vectors call the reset() method, and
then initialize the ExecutionContext to the desired values.
2009-12-29: The Authorization Manager is mostly working. Filtering
EntityListIterator values is not implemented due to architectural
problems. The Authorization Manager is still disabled by default
because the demo data load will not work with it enabled.