good chemistry is complicated,
and a little bit messy -LW
OT: WebApp Authorization Questionby jimbus (Friar)
|on May 05, 2006 at 18:27 UTC||Need Help??|
jimbus has asked for the
wisdom of the Perl Monks concerning the following question:
This is methodology related more than Perl related, but I'm using Perl to impliment and PerlMonks is one of the best communities I've ever been a part of... so here it goes.
Bishop Summary: I'm having issues getting my head wrapped around the authorization patterns and would appreciate any input or pointers to documents that discuss this. I've done webapps and document management for many years, but the rules of engagement have always been dictated by the customer or the software. This is my first time at designing authentication from the ground up.
My applications will fall into three basic catagories:
Pretty basic stuff, were it gets more complicated for me is the authorization. Parts of this will be segregated by department and some sections will be by person, but it will be all role based.
At a page/webapp level, I figured it would be pretty easy. I would just pass the authenticated name and required role for the page against the user roles db and redirect if it failed.
The first area I get overwhelmed is the menuing. I've got the main menu in a strip across the top and then menus downthe right side for the app, user role and quick links. Except for the main menu which will be fairly static, I'd like to build/maintain the context sensitive side menus from a DB.
The other issue I have is the knowledge base. How do I build a document db with lucene, but tell the search engine that only certain roles can see certain docs?
I know TIMTOWTDI, but... and this seems to be a common thread to my posts... there seems to be patterns and best practices that everyone seems to know but me :).
--Jimbus aka Jim Babcock
Wireless Data Engineer and Geek Wannabe