[Yanel-dev] Assigning new group to a user at runtime
Michael Wechner
michael.wechner at wyona.com
Thu Dec 16 01:08:29 CET 2010
On 12/15/10 3:32 PM, Balz Schreier wrote:
> Hi,
> I don't mean accessing the session of another user, I meant within the =
> same session.
>
> E.g.: user A is logged in and performs some stuff. Then he performs =
> some functions within his session where at the end of those functions =
> the user gets "upgraded", in my example he gets assigned a new group =
> (with additional privileges, etc.).
>
> So the question is, how can I just rebuild the security context in =
> Yanel (or however you want to call this).
>
> I imagine that this should not be that difficult compared to doing the =
> same for any kind of user...
yes, that's right. I have started to work on this, but I am not quite =
finished yet.
Will keep you posted.
Cheers
Michael
>
> So I imagine a new method like this:
>
> getEnvironment().getIdentity().refresh();
>
>
>
> What do you think?
> Cheers
> Balz
>
> On Wed, Dec 15, 2010 at 3:27 PM, Michael Wechner =
> <michael.wechner at wyona.com <mailto:michael.wechner at wyona.com>> wrote:
>
> On 12/15/10 11:54 AM, Balz Schreier wrote:
>> Hi Michael,
>> I fully understand the performance reasons and I think this has
>> to be like this. I actually just wanted to know whether I have
>> missed any API possibility to update the groups.
>>
>> So my suggestion would be to extend the Yanel Core API with a new
>> method, where the whole group and other security stuff is redone
>> again and attached to the session (Maybe we can reuse the very
>> same code that does the initial stuff).
>
> The problem is accessing the session of a particular user from
> within another user, but
> let me check if we might be able to re-use stuff from
>
> YANEL_HOME/src/contributions/resources/sessionmanager/
>
> or otherwise move this information into a more accessible cache
> like for example ehcache
>>
>> What do you think?
>
> I agree, but we need to overcome the technical hurdles ;-)
>
> Cheers
>
> Michael
>
>>
>> On Wed, Dec 15, 2010 at 11:43 AM, Michael Wechner
>> <michael.wechner at wyona.com <mailto:michael.wechner at wyona.com>> wrote:
>>
>> Hi Balu
>>
>>
>> On 12/15/10 10:03 AM, Balz Schreier wrote:
>>
>> Hi,
>>
>> I have the usecase where a user gets assigned a new group
>> while he is logged in.
>> I noticed that Yanel reflects this change only after a
>> login of that user, means as long as the user stays
>> logged in, the user does not benefit from the new
>> assignment yet.
>>
>>
>> the reason for that is that for performance reasons the
>> groups (and its parents and parents) are loaded
>> during login and attached to the session, because these are
>> used for access control, and since every "html request" has
>> many other requests as a consequence it's good to have this
>> "cached".
>>
>> Now when you update the group settings the sessions are not
>> being touched and hence one
>> does not notice such a change.
>>
>> I am not saying that this is good, but the question is how we
>> can do this better, but please see below ...
>>
>>
>> Question: How can I tell Yanel to reinitialize the User
>> (Identity) and its Groups ?
>>
>>
>> - we could try to change the session
>> - we could change the implementation by using
>> conf/ehcache.xml instead the sessions.
>>
>> Any other suggestions?
>>
>> Thanks
>>
>> Michael
>>
>>
>> Thanks
>> Cheers
>> Balz
>>
>>
>> -- =
>> Yanel-development mailing list Yanel-development at wyona.com
>> <mailto:Yanel-development at wyona.com>
>> http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
>>
>>
>
>
> --
> Yanel-development mailing list Yanel-development at wyona.com
> <mailto:Yanel-development at wyona.com>
> http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wyona.org/pipermail/yanel-development/attachments/2010121=
6/f94d5ec1/attachment-0001.htm
More information about the Yanel-development
mailing list