Acl / Permissions / User Management?

hussdl · April 7, 2009, 3:40pm

Hi,

does the toolkit come with support for access control lists?

I’m supposed to evaluate the framework regarding its user management / permissions features but so far I haven’t found anything at all.
Is it correct that the toolkit doesn’t have its own approach for this task?

Jani · April 7, 2009, 5:57pm

Nope, I think this is because IT Mill Toolkit should not have such feature (or dependencies if you wish). Good news is that it is straightforward to use any Access Control library with IT Mill Toolkit if it is coded in Java.

Perhaps you could search “java access control library” or something similar using google and pick the best access control tool for your specific case.

I’m myself involved in a pretty large JEE enterprise project which has multiple “locksets” and privilege combinations per every access controlled POJO. In addition to datakeys we also got so called system level functionkeys (feature or module keys) that can be given to user’s keychain. Privileges are five level based (create, read, update, delete, admin). This model is similar to what is seen on SAP systems.

Throw in JBoss cluster (data / business server), bunch of Tomcat’s as UI servers, Hibernate, commercial Databases and Caches and you got a real enterprise system at your hands This project uses IT Mill Toolkit on UI servers.

The bottom line is that we are quite happy how easy this kind of integration is to do with IT Mill Toolkit. I assume the reason is because it is pure Java and server-side architecture is first-class. Then again, I’ve done projects with Toolkit many years…

Jani · April 7, 2009, 6:11pm

Forgot to mention this…

In Toolkit application you setup UI layouts and components based on user’s privileges. For example, for a guest user you construct simpler header, footer, menu and view. But when user logins you construct header which contains more features, menu with more items, personal view etc. On login you most likely fetch user’s privileges using enterprise java beans or perhaps directly from the database.

Think of it just you would be doing a local Java application in Swing.

Anonymous · April 8, 2009, 6:03am

You can download simple application that demonstrates how application is affected between “not logged in” vs. “logged in user”

Download it from here:
http://dev.itmill.com/wiki/Articles/MVCBasics