dhis2-devs team mailing list archive

Thread
Date

Re: DHIS2 - Struts2 - Spring Security2

To: Murodullo Latifov <murodlatifov@xxxxxxxxx>
From: Bob Jolliffe <bobjolliffe@xxxxxxxxx>
Date: Fri, 14 Aug 2009 11:16:52 +0100
Cc: Sundeep Sahay <sundeep.sahay@xxxxxxxxx>, Jørn Braa <jornbraa@xxxxxxxxx>, DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <101003.44128.qm@web32908.mail.mud.yahoo.com>

Hi Murod

2009/8/14 Murodullo Latifov <murodlatifov@xxxxxxxxx>

> Hi Bob,
>
> Don't agree, I don't think LDAP gives something special, though it is
> there, we can activate it. Its useful when lazy guy does not want to login
> again, because he already logged into his windows machine and mostly have no
> time for this.
>

I don't think ldap has really much to do with the lazy guy who doesn't want
to login again.  Its more about the lazy system/network administrator.  In
an enterprise environment (not a small clinic, but maybe WHO, a national or
even large district health department office) it is quite likely that there
is an existing directory server - typically an AD or Novell setup.   When
you are responsible for that kind of environment you want to avoid a
multiplicity of new systems being placed on the network which require their
own separate administration of users.  So if you are smart you place in your
procurement guidelines that any new system being purchased must integrate
into the existing directory setup.  This is also nice for tender evaluations
because its an easy box to tick and eliminate lots of systems on objective
grounds.  That is why it is a standard feature on almost any enterprise
scale software you might think of - alfresco, liferay, plone, jira, zenoss,
sharepoint, zimbra, exchange, sharepoint etc etc.

Now this array is not our common use case, but in an enterprise of 200 users
it is much more likely that dhis should be expected to play along nicely
with everything else.  And it's great that spring security allows it.  Don't
get me wrong - I really don't think it is a priority.  Just welcoming the
new possibility we now have.


> In this case he can tick "remember me" once, actually new functionality on
> security, and every next time from that machine he will be authenticated
> automatically.
>

I think we should consider disabling this feature.  Its not a good idea to
allow this.

Anyway, don't mean to sabotage your call ... you are calling for use cases
for user roles.

Regards
Bob


>
> murod
>
> ------------------------------
> *From:* Bob Jolliffe <bobjolliffe@xxxxxxxxx>
> *To:* Knut Staring <knutst@xxxxxxxxx>
> *Cc:* Murodullo Latifov <murodlatifov@xxxxxxxxx>; Sundeep Sahay <
> sundeep.sahay@xxxxxxxxx>; Jørn Braa <jornbraa@xxxxxxxxx>; DHIS 2
> developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
> *Sent:* Friday, August 14, 2009 2:36:53 PM
>
> *Subject:* Re: [Dhis2-devs] DHIS2 - Struts2 - Spring Security2
>
> 2009/8/14 Knut Staring <knutst@xxxxxxxxx>
>
>> Delighted to see progress on this.
>>
>> One thing that I've encountered (and which should become a blueprint), is
>> that you would like to automatically generate users who only have access to
>> subtrees (at a certain level).
>>
>> The concrete example is that you have all the countries in the world
>> (grouped into regions), and would like to have a user for each country who
>> should not have access to data for any other contry. With 200 countries, you
>> don't want to do this manually...
>>
>
> I think if you have 200 users it is maybe a good use case for using
> something like ldap to manage them.  For example you guys at WHO are
> probably all already maintained in an ActiveDirectory server for login to
> the network etc.  Would be nice to be able to use the same usernames and
> passwords in dhis.  I gather with the spring security 2 this would be quite
> easy to do.
>
> Good to see progress on this.
>
> Cheers
> Bob
>
>
>>
>> Knut
>>
>> On Fri, Aug 14, 2009 at 10:51 AM, Murodullo Latifov <
>> murodlatifov@xxxxxxxxx> wrote:
>>
>>> Hi people,
>>>
>>> This is to announce alpha release of DHIS2 + Struts2 (s2) + Spring
>>> Security2 (ss2) integration. As s2 and ss2 are major and system wide change,
>>> they need intensive testing. Code is available at URL:
>>> https://code.launchpad.net/~dhis2-devs/dhis2/d2s2ss2<https://code.launchpad.net/%7Edhis2-devs/dhis2/d2s2ss2>. S2 is most resent upgrade for webwork and ss2 is for acegy security,
>>> especially ss2 is used as is, without customization, each URL can have its
>>> own security credentials. From this standpoint we are free to define ROLES
>>> and set of roles (most common use cases into one role). All security
>>> concerns are now in one single XML file and easy to understand and exists
>>> independent of other frameworks in DHIS2. We can also use method level
>>> security, if method namings are appropriate using AOP. Please share your
>>> experiences, type of user roles you have, so we can adjust system to host
>>> that functionality.
>>>
>>> regards,
>>> murod
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~dhis2-devs<https://launchpad.net/%7Edhis2-devs>
>>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-devs<https://launchpad.net/%7Edhis2-devs>
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>
>>
>>
>> --
>> Cheers,
>> Knut Staring
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs<https://launchpad.net/%7Edhis2-devs>
>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs<https://launchpad.net/%7Edhis2-devs>
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>

References

DHIS2 - Struts2 - Spring Security2
From: Murodullo Latifov, 2009-08-14
Re: DHIS2 - Struts2 - Spring Security2
From: Knut Staring, 2009-08-14
Re: DHIS2 - Struts2 - Spring Security2
From: Bob Jolliffe, 2009-08-14
Re: DHIS2 - Struts2 - Spring Security2
From: Murodullo Latifov, 2009-08-14