RBAC/ACL using core.logic or similar
246 views
Skip to first unread message
ronen
Sep 29, 2013, 9:16:03 AM9/29/13
to clo...@googlegroups.com
Hey,
I was thinking about how to approach role and permission management in Clojure, https://shiro.apache.org/ is one example of same a framekwork
It sounds like a problem that core.logic could solve but I'm not sure how to approach it
Thought and ideas are welcome
Thanks
Dave Della Costa
Oct 2, 2013, 3:38:22 AM10/2/13
to clo...@googlegroups.com
Hi ronen,
This doesn't address your question re: how do it in pure Clojure, but as
a data point we recently implemented a wrapper for Shiro in Clojure for
use in setting policies on a ring-based web app.
We are using our own solution for checking the access policies on routes
themselves, which is wholly unrelated to Shiro. For that matter, we
don't use anything Shiro provides (other than what it forces us to
setup, see below) relating to authentication, session or web routing,
just its authorization capabilities, and we extend their JdbcRealm
(http://shiro.apache.org/static/1.2.2/apidocs/index.html?org/apache/shiro/realm/jdbc/JdbcRealm.html)
to plug it into our system.
I'll try to lay out the pluses and minuses simply. Pluses:
- once we figured out the architecture and where to "jack-in," it was
pretty easy to wrap stuff up inside of Clojure.
- the permission check stuff in our system was basically simply wrapping
a specific method on the Subject class:
http://shiro.apache.org/static/1.2.2/apidocs/org/apache/shiro/subject/Subject.html#checkPermission(java.lang.String)
(more here: http://shiro.apache.org/permissions.html)
- it has a really comprehensive role and permission management set of
interfaces, and if you want to set up caching for your roles and
whatnot, it's easy to extend--from a Java perspective.
- as much as you go the "Shiro way," you will find it easy to implement
and extend.
Minuses:
- as much as you go the "Shiro way," you will find it easy to implement
and extend.
I think that, if you already had your own authentication framework set
up, it *may* be worth looking elsewhere for a RBAC/DAC/etc. solution.
If you want something comprehensive, Shiro is definitely worth checking
out. For us I think the jury is still out on whether or not it was
worth the trouble or not.
DD
> --
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clo...@googlegroups.com
> Note that posts from new members are moderated - please be patient with
> your first post.
> To unsubscribe from this group, send email to
> clojure+u...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
> ---
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to clojure+u...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
This doesn't address your question re: how do it in pure Clojure, but as
a data point we recently implemented a wrapper for Shiro in Clojure for
use in setting policies on a ring-based web app.
We are using our own solution for checking the access policies on routes
themselves, which is wholly unrelated to Shiro. For that matter, we
don't use anything Shiro provides (other than what it forces us to
setup, see below) relating to authentication, session or web routing,
just its authorization capabilities, and we extend their JdbcRealm
(http://shiro.apache.org/static/1.2.2/apidocs/index.html?org/apache/shiro/realm/jdbc/JdbcRealm.html)
to plug it into our system.
I'll try to lay out the pluses and minuses simply. Pluses:
- once we figured out the architecture and where to "jack-in," it was
pretty easy to wrap stuff up inside of Clojure.
- the permission check stuff in our system was basically simply wrapping
a specific method on the Subject class:
http://shiro.apache.org/static/1.2.2/apidocs/org/apache/shiro/subject/Subject.html#checkPermission(java.lang.String)
(more here: http://shiro.apache.org/permissions.html)
- it has a really comprehensive role and permission management set of
interfaces, and if you want to set up caching for your roles and
whatnot, it's easy to extend--from a Java perspective.
- as much as you go the "Shiro way," you will find it easy to implement
and extend.
Minuses:
- as much as you go the "Shiro way," you will find it easy to implement
and extend.
I think that, if you already had your own authentication framework set
up, it *may* be worth looking elsewhere for a RBAC/DAC/etc. solution.
If you want something comprehensive, Shiro is definitely worth checking
out. For us I think the jury is still out on whether or not it was
worth the trouble or not.
DD
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clo...@googlegroups.com
> Note that posts from new members are moderated - please be patient with
> your first post.
> To unsubscribe from this group, send email to
> clojure+u...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
> ---
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to clojure+u...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages