RCP and Security on a fine grained level?
It's been a typical day here, I've wound up somewhere totally different than where I thought I would be - here.
I was getting used to NetBeans GUI builder and trying to find an intuitive way to integrate Swing apps with Spring, which led me to explore the Swing app framework (JSR 296), which led me to multiple articles about how SAF currently sucks because of the underlying architecture and the reluctance/inability of that team to see the need to refactor it (not to mention that it may either be dead or released half baked).
That said I kept seeing mention of Spring, IOC, and sometime Spring RCP.
I use Spring (Security, Core, some other odds and ends) and I am familiar with it. I have implemented a Swing prototype that uses Spring Security to login/authenticate, and I started to implement using Permissions to tie various actions (enabling/disabling, showing/hiding) that are typical use cases in Swing apps where there are users with different security roles.
So, I came back here and I am diving into RCP instead of SAF. Like most Spring projects I like what I see so far. Kind of disconcerting the scarcity of docs after 4+ years, but what are you going to do - SAF looks stillborn.
Anyway, I was digging around the forum and the docs for info on security. The copy of the docs I dug up (literally had to go digging here) had a few paragraphs on security then just stopped hanging in midair, not even coming close to telling me what I want to know much less giving me any real info.
Maybe my copy is corrupt?This assumes you have a security controller named mySecurityController defined in your application context.
Warning
Rest of the text
But enough b***** and on to my questions.
I have downloaded the code/docs and searched through them, I've searched the forum and come up with these threads and references:
http://opensource.atlassian.com/conf...y/RCP/Security
http://forum.springsource.org/showthread.php?t=23070
http://forum.springsource.org/showthread.php?t=32565
http://forum.springsource.org/showthread.php?t=41773
http://forum.springsource.org/showthread.php?t=70873
So, I gather there is considerable code and logic for security. More than I thought there would be. Bravo. Well done.
However, back to the use case - not necessarily enabling commands (which is useful), but simply enabling/disabling/hiding/showing a menu/button/etc. - is there a straightforward way to do this?
I don't want to reinvent the wheel, but my solution seemed straight-forward. Although not particularly elegant it didn't seem ugly either and reused the concept of Java Permissions. I extended Permissions and in a policy file I create grants for permissions on particular components. I can then load those permissions for a given component and examine the roles and privileges in the grant. Based on that info I can then decide whether to enable/disable/etc.
Seems cleaner than the typical hard coded approach you see in a lot of apps. The permissions/grants are decoupled and can be configured separately from the app/module. The logic doesn't need to know which role does what, it just matches the role of the grant to the role of the current user.
So, is there something similar or better in RCP?
Reply With Quote