NHibernate entity security/filtering -


i'm attempting coerce existing nhibernate application multi-tenant application. data model large (60+ entities) although small subset of these entities need secured. added wrinkle, data access model used in separate applications should disregard security.

to end, i've created further entities represent acl on securable entities.

i've managed looks security adding loadcollection listener. when collection of secured entities loaded, check acl each 1 , remove list if access isn't allowed.

however, can't figure out how accomplish same thing when loading single entity. have preload event listener , i'm able determine if caller has access. if don't have access, return null item. i've tried setting entity associated event null , evicting entity session.

documentation on using event pretty thin on ground: it's events fire before saving have worked examples. nhibernate cookbook uses old version of nhibernate different signature events (e.g. return bool rather void of nhibernate 3.3.x).

edit: after spelunking through nhibernate source, i've determined looking @ wrong load event. tried "preload" , "postload", not realizing plain old "load" event after.

this has raised new issue though: when loading object not secured, has secured parent, load event listener fire proxy of parent. eager-loading or not, parent proxy won't have correct acl: coming empty every time.

a full example nhibernate application using design can found in nhibernate best practices, we're using enterprise, heavy web application more 300 entities big success. on top of implemented context control mechanism, each end user requesting security token on log-in , use on every sequential call, on every sequential call check security token validation , use create additional criterion limit each user access depending on his\her configuration. big project, gave infrastructure developing , maintenance.


Comments

Post a Comment

Popular posts from this blog

.htaccess - First slash is removed after domain when entering a webpage in the browser -

sometimes when hit address of webpage in browser, removes first slash after domain. examples: www.mywebsite.com/scripts/script_6.php -> trying load www.mywebsite.comscripts/script_6.php www.mywebsite.com/test.php -> trying load www.mywebsite.comtest.php after entering again, loads page. a .htaccess settings must wrong: rewritebase / errordocument 404 http://www.mywebsite.com/oops.php errordocument 401 /notallowed.php rewriteengine on # turn on rewriting engine #gzip <ifmodule mod_deflate.c> addoutputfilterbytype deflate text/text text/html text/plain text/xml text/css application/x- javascript application/javascript </ifmodule> #end gzip rewritecond %{http_host} ^mywebsite\.com rewriterule ^(.*)$ http://www.mywebsite.com$1 [r=permanent,l] directoryindex index6.php rewriterule ^termsofuse/?$ termsofuse.php [nc,l] # handle requests "adpolicy" rewriterule ^privacy-policy/?$ privacy-policy.php [nc,l] # handle requ...
Read more

Automatically create pages in phpfox -

i have array of information of places , wanna use them create multiple pages in phpfox site. first tried manually insert data in phpfox database (in tables of phpfox_pages , phpfox_pages_text ). the page shown in site when opening it's link, site says: the page looking cannot found. do know other tables should manipulate make work? or know plugin phpfox same? thanks, solved ( @purefan guide): "pages" has user if take @ phpfox_user table, you'll found out how fetch new records on that. there 2 ambiguous fields in table ( password & password_salt ). can use script create values fields: <?php function generaterandomstring() { $length = 164; $characters = '-_0123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz'; $randomstring = ''; ($i = 0; $i < $length; $i++) { $randomstring .= $characters[rand(0, strlen($characters) - 1)]; } return $randomstring; } $ssalt = '';...
Read more

c# - Farseer ContactListener is not working -

i'm using farseer in xna project, have trouble contactlistener. created class contactlistener these 2 error messages , don't know how fix problems. the type or namespace name 'contactlistener' not found (are missing using directive or assembly reference?) the type or namespace name 'contactimpulse' not found (are missing using directive or assembly reference?) what wrong contactlistener class? class mycontactlistener: contactlistener { void begincontact(contact contact) { /* handle begin event */ } void endcontact(contact contact) { /* handle end event */ } void presolve(contact contact, ref manifold oldmanifold) { fixture fixturea = contact.fixturea; fixture fixtureb = contact.fixtureb; if (fixtureb.collisioncategories == category.cat10) { contact.enabled = false; } } void postsolve(contact contact, ref contactimpulse impulse) { /* handle post-solve event */ } }...
Read more