Thanks Si for explaining this to me.
But, my problem arises from the fact that I need to keep the core as-is & build a bunch of apps around it. For instance, I have an order entry app that will let users enter sales orders & create customers. Now in this app, if I end up using OFBiz services I have to give the corresponding permissions for the services used to whoever is logged in. This would mean that I end up giving permissions to certain other areas as well which we don't want these users to have. Also, the custom apps we're developing are entirely different apps (from OFBiz perspective).

One possible solution (from a post long ago) was to restrict the links/forms/data available to a user based on roles, but that in effect was not enough, cause then somebody could type a URL & possibly get to a restricted part or we'd have to make sure that all our pages had some level of security/role-authorization in the ftl. This part I came across seems very interesting cause it makes it possible for me to push in a login for services only, which makes it possible to build my own security defs using the existing framework & yet be able to use the existing services.

Appreciate any thoughts or feedback
Ashish Hareet

_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev

Ashish,
Again, just my personal opinion, but I think you've formulated your problem in a way that permits only one answer. If you must keep the core as-is AND you need a different permission structure for their users, then it seems that the way you've done it is the only solution.

I still think the better solution would have been to change the permission structure of the core OFBiz applications and try to get those incorporated back into OFBiz. You could have avoided essentially building two security frameworks--one that originally came with OFBiz, one that you built on top of it which relies on pushing in arbitrary user logins.

This is one advantage of working with open source--you don't have to keep the core "as is" but can tailor it for your needs or improve upon it.

Si

Ashish Hareet wrote:

> Thanks Si for explaining this to me.
>
> But, my problem arises from the fact that I need to keep the core as-is & build a bunch of apps around it. For instance, I have an order entry app that will let users enter sales orders & create customers. Now in this app, if I end up using OFBiz services I have to give the corresponding permissions for the services used to whoever is logged in. This would mean that I end up giving permissions to certain other areas as well which we don't want these users to have. Also, the custom apps we're developing are entirely different apps (from OFBiz perspective).
>
> One possible solution (from a post long ago) was to restrict the links/forms/data available to a user based on roles, but that in effect was not enough, cause then somebody could type a URL & possibly get to a restricted part or we'd have to make sure that all our pages had some level of security/role-authorization in the ftl. This part I came across seems very interesting cause it makes it possible for me to push in a login for services only, which makes it possible to build my own security defs using the existing framework & yet be able to use the existing services.
>
> Appreciate any thoughts or feedback
> Ashish Hareet