I am using Spring Specification (and net.kaczmarzyk.specification-arg-resolver for auto spec creation) to make dynamic Endpoints.
I have run into the need to know if a specific Specification exists on the request already (both for testing and permissions).
Permissions:
Based on user access I sometime append specifications onto the requested on. However it would be nice to know if specific spec's were used and maybe even update or delete them.
Testing:
Would be nice to know after a function has run to validate if a spec got added like it should have.
Related
I'd like to write some generic batch listeners to log out some useful information of all batches configured in my application. To do so I'd like to get the configured skippable/retryable exceptions from batch configuration. However I did not find any API for that. Is there a way to retrieve this configuration independant of the jsr352 implementation?
No you won't see this or anything similar really in the specification API (so anything that did exist would be impl-specific).
The theme of separation of concerns lies behind many of the API choices, and nothing like a "job definition model" API exists in the spec.
WSO2 seems to support 2 scenarios/models of authorization (e.g. as explained here): First is Database based Permission Store and the other is XACML based authorization using defined policies. The first allows you to define permission in a nice UI tree per each role while the later requires more complex policy definitions (but more flexible as it is fine grained permissions).
As far as I found it, those are separate mechanisms, and XACML queries does not consider the permissions defined by the first method. Since I need to support a simple RBAC model, I wish to concentrate on the first kind.
Using Java, I have found how to use the SDK to check the user decision using EntitlementServiceStub SDK, however I failed to find the SDK that can be used to check if the user has permissions of the first kind (I was just able to get the UI definitions, but I'm looking for something that can answer what is the decision/result, e.g. given "user1" & "/permission/protected/server-admin/homepage" can answer "true" - I suspect RemoteAuthorizationManagerServiceStub but not sure it is).
What is the SDK I'm looking for?
According to the post, it claims that database permission store is only available for Carbon based Server. And I think you are trying to do the same for identity server. In the documentation, it is not mentioned which means it does not support this feature for identity server
Our framework is Grails. Say domain.com contains an application and currently used by some client. If we want to allow another client with the same functionality but providing a separation for the data of two clients, so that they can't mix both, how to do this? And whenever we want to add n clients to this application, what is the best method to be followed, so that with less / no configuration we can share the common war file for these clients by separating the db.
How the real time web development handle these type of situations?
And, one more point is how to provide client1.domain.com works for client1 and client2.domain.com works for client2. How to make the war file (in Java / Grails) to work like this? Otherwise we have to programmatically control the clients with in the project for every feature to be allowed or unnecessarily maintain separate war file for each client, which will be a waste of resources.
You're describing multitenancy - create one table for N 'tenants' instead of N identical (or nearly) tables, but partition it with a tenant_id column, and use that to filter results in SQL WHERE clauses.
For example the generated code for findByUsername would be something like select * from person where username='foo' and tenant_id=3' - the same code as a regular call but with the tenant_id column to restrict within that tenant's data.
Note that previously simple things like unique constraints are now harder because you would want to restrict uniqueness within a tenant, but allow a value to be reused across tenants. In this case changing the unique constraint to be on the combo of username and tenant_id works and does the heavy lifting in the database.
For a while there were several related plugins, but they relied on tweaking internal APIs and some features broke in newer Hibernate versions. But I believe that http://grails.org/plugin/multi-tenant-single-db is active; it was updated over a year ago, but it is being used. Contact the authors if it looks like it'll be what you need to be sure it's active. Note that this can only work with Hibernate 3.x.
Hibernate 4 added support for multitenancy, but I haven't heard much about its use in Grails (which is expected, since it's not that common a requirement). It's not well documented, but this bug report highlights some of the potential pitfalls and should still be a working example (the test app is still on GitHub): https://jira.grails.org/browse/GPHIB-6.
I'd like to ensure that this is working and continues to work, so please let me know via email if you have issues later. It's a great feature and having it in Hibernate core makes things a lot easier for us. But we need to make it easy to use and well-documented, and that will happen a lot faster when it's being used in a real project.
Currently I'm working on a small web service using Dropwizard, connecting to a Postgresql DB using hibernate(build in package in Dropwizard) and with a bit of Migrations(also from Dropwizard).
Coming from a .NET environment, I'm used to a code - first/centric approach.
Currently I'm looking into generating the migrations.xml from the current state of my entity class based on the JPA annotations on them.
I feel this is a case somebody might have already resolved.
Is there a way to automatically update the migrations.xml based on the classes I'm writting?
It is possible. See the liquibase-hibernate plugin at https://github.com/liquibase/liquibase-hibernate/wiki.
Make sure you look at the generated migrations.xml changes before applying them because, like any diff-based process, the schema transformation may not be what you intended and that matters with data. For example, if you rename a class it will generate a drop + create process rather than a rename operation. The result is a valid schema, but you lose data.
I am working to configure Spring-Security with an existing application, for just basic security (i.e. what pages a user can see based on their roles). The question came up wondering if we could set what roles are required for each page in java instead of the ApplicationContext.xml.
The idea is to store them in a table in our database, so we can easily change them with out a redeployment. Is this possible? How?
Yes you can configure Spring-Security programmatically. But I don't think that is what you want / need to do.
The question came up wondering if we could set what roles are required for each page in java instead of the ApplicationContext.xml.
You could implement your own AccessDecisionManager class that queries your database to fetch the rules (or whatever) for each resource / page. This is described in Section IV of the SpringSecurity manual.
Alternatively, you could embed your own custom access control logic inside your MVC controller. Use SpringSecurityContext to fetch the request's Authorization object, fish out the identity and/or authorities, and implement the decision making however you want to.
We did this using Interceptors. Basically a MethodInterceptor proxies any call to any method you want (i.e. getting an object from your database). You can then, programmatically intercept the object and check the current user and do pretty much anything you want in terms of access control. If that means querying the database for a list of users who has access (and hence a list you can changes without modifying code) the so be it.