[Yanel-dev] User and Group Management

Josias Thöny josias.thoeny at wyona.com
Thu Feb 15 15:15:14 CET 2007 

Michael Wechner wrote:
> Josias Thöny wrote:
> 
>> Hi all,
>>
>> I've added interfaces and a yarep-based implementation for user and 
>> group management to the security package. It allows to 
>> add/modify/delete users and groups, and to manage the membership of 
>> users to groups.
>>
>> Paloma, do you think it would be a lot of work to modify your 
>> UserResource to use this API?
>>
>> I made the UserManager and the GroupManager accessible via the 
>> IdentityManager:
>>     identityManager.getUserManager()
>> and
>>     identityManager.getGroupManager()
>> I'm not completely happy with that, any suggestions on how to improve 
>> this are welcome. Should those two managers be instantiated via spring 
>> instead?
> 
> 
> 
> how do we instantiate different implementions with this, e.g. LDAP, 
> OpenID, ...?
> 
> I think I remember now how I intended to do it in the first place:
> 
> -  Having a generic API (independent of the implementation)
> -  Using different Yarep implementations for the various usecases 
> (Default, LDAP, OpenID, ...)

That's not implemented yet, but I guess it shouldn't be too hard. The 
API allows to have different implementations, the question is just how 
to configure which implementation to use.
We could use some kind of spring config mechanism, or add an attribute 
class="my.cool.UserImpl" to e.g. the user xml files, as it is done in 
Lenya. The user xml could also contain something like:

<authenticator class="foo.bar.LDAPAuthenticator">
     <ldap:id xmlns:ldap="http://foo.bar/ldap/1.0">lenya1</ldap:id>
</authenticator>

IIUC that was your idea. This would require that the user implementation 
understands this element and then uses the specific Authenticator class. 
Basically it should be possible to implement that without having to 
change the API (well, we might have to define an Authenticator interface).

josias


> 
> Cheers
> 
> Michi
> 
>>
>>
>> If the new api is approved, I will make a few minor modifications to 
>> YanelServlet, to correctly get the User and its Groups after logging 
>> in. This should then allow to set policies based on groups.
>>
>> Any feedback is welcome.
>>
>> josias
>>
>> _______________________________________________
>> Yanel-development mailing list
>> Yanel-development at wyona.com
>> http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
>>
> 
>

More information about the Yanel-development mailing list