dhis2-devs team mailing list archive

Thread
Date

Re: DHIS2 - Struts2 - Spring Security2

To: Jo Størset <storset@xxxxxxxxx>
From: Murodullo Latifov <murodlatifov@xxxxxxxxx>
Date: Fri, 14 Aug 2009 03:12:36 -0700 (PDT)
Cc: Sundeep Sahay <sundeep.sahay@xxxxxxxxx>, Jørn Braa <jornbraa@xxxxxxxxx>, DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <2EE7E656-45A4-4035-AA55-9CF96EA1693C@gmail.com>

Hi Jo,

The call is to tell us what kind of users you want to see and what access levels they have. For ordinary user to have access to change its password itself, you have to assign him role ROLE_dhis-web-maintenance-user, but its initial set, we are calling for more options ans intensive tests. You can assign user role as before through user settings menu option. Sorry links are not i18nized for now.

murod



----- Original Message ----
From: Jo Størset <storset@xxxxxxxxx>
To: Murodullo Latifov <murodlatifov@xxxxxxxxx>
Cc: Bob Jolliffe <bobjolliffe@xxxxxxxxx>; Knut Staring <knutst@xxxxxxxxx>; Sundeep Sahay <sundeep.sahay@xxxxxxxxx>; Jørn Braa <jornbraa@xxxxxxxxx>; DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, August 14, 2009 3:27:06 PM
Subject: Re: [Dhis2-devs] DHIS2 - Struts2 - Spring Security2

Sorry for top-posting, in the middle of a research proposal here :)

If we have concrete plans for this kind of user scale, I definately think we should evaluate the user/authn/authz architecture in more detail. I'm not immediately convinced there are quick wins to be gained here, without having a really relaxed security scheme (And then, what's the value?). A quick question; how would we know the correct user group get a hold of their username and password?

Jo

Den 14. aug.. 2009 kl. 11.25 skrev Murodullo Latifov:

> Hi Bob,
> 
> Don't agree, I don't think LDAP gives something special, though it is there, we can activate it. Its useful when lazy guy does not want to login again, because he already logged into his windows machine and mostly have no time for this. In this case he can tick "remember me" once, actually new functionality on security, and every next time from that machine he will be authenticated automatically.
> 
> murod
> 
> From: Bob Jolliffe <bobjolliffe@xxxxxxxxx>
> To: Knut Staring <knutst@xxxxxxxxx>
> Cc: Murodullo Latifov <murodlatifov@xxxxxxxxx>; Sundeep Sahay <sundeep.sahay@xxxxxxxxx>; Jørn Braa <jornbraa@xxxxxxxxx>; DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
> Sent: Friday, August 14, 2009 2:36:53 PM
> Subject: Re: [Dhis2-devs] DHIS2 - Struts2 - Spring Security2
> 
> 2009/8/14 Knut Staring <knutst@xxxxxxxxx>
> Delighted to see progress on this.
> 
> One thing that I've encountered (and which should become a blueprint), is that you would like to automatically generate users who only have access to subtrees (at a certain level).
> 
> The concrete example is that you have all the countries in the world (grouped into regions), and would like to have a user for each country who should not have access to data for any other contry. With 200 countries, you don't want to do this manually...
> 
> I think if you have 200 users it is maybe a good use case for using something like ldap to manage them.  For example you guys at WHO are probably all already maintained in an ActiveDirectory server for login to the network etc.  Would be nice to be able to use the same usernames and passwords in dhis.  I gather with the spring security 2 this would be quite easy to do.
> 
> Good to see progress on this.
> 
> Cheers
> Bob
> 
> 
> Knut
> 
> On Fri, Aug 14, 2009 at 10:51 AM, Murodullo Latifov <murodlatifov@xxxxxxxxx> wrote:
> Hi people,
> 
> This is to announce alpha release of DHIS2 + Struts2 (s2) + Spring Security2 (ss2) integration. As s2 and ss2 are major and system wide change, they need intensive testing. Code is available at URL: https://code.launchpad.net/~dhis2-devs/dhis2/d2s2ss2 . S2 is most resent upgrade for webwork and ss2 is for acegy security, especially ss2 is used as is, without customization, each URL can have its own security credentials. From this standpoint we are free to define ROLES and set of roles (most common use cases into one role). All security concerns are now in one single XML file and easy to understand and exists independent of other frameworks in DHIS2. We can also use method level security, if method namings are appropriate using AOP. Please share your experiences, type of user roles you have, so we can adjust system to host that functionality.
> 
> regards,
> murod
> 
> 
> 
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
> 
> 
> 
> --Cheers,
> Knut Staring
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
> 
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: DHIS2 - Struts2 - Spring Security2
From: Jo Størset, 2009-08-14

References

DHIS2 - Struts2 - Spring Security2
From: Murodullo Latifov, 2009-08-14
Re: DHIS2 - Struts2 - Spring Security2
From: Knut Staring, 2009-08-14
Re: DHIS2 - Struts2 - Spring Security2
From: Bob Jolliffe, 2009-08-14
Re: DHIS2 - Struts2 - Spring Security2
From: Murodullo Latifov, 2009-08-14
Re: DHIS2 - Struts2 - Spring Security2
From: Jo Størset, 2009-08-14