I'm trying to understand what these terms mean. And I came with few examples like:
Aggregation : Facebook has a user
Composition : Each user in facebook has a session.
Association : People uses a browser
But I'm getting confused with has a and uses a examples of mine. Why can't it be User uses a facebook account or Facebook uses a session to authenticate user?
Is that wrong in terms of OOP? Where I'm missing the concept?
The uses a relationship means two things
->both can exist independently
->Data flows from the whole classifier(people) to the part classifier(browser)
The has a relationship means two things
->the lifetime of the part classifier(session) is dependent on the lifetime of the whole classifier(facebook)
->data usually flows in only one direction (that is, from the whole classifier(facebook) to the part classifier(session)).
This article from the Code Project makes a neat explanation of the Subject.
First of all there's no stone-written way to model a domain, there are several ways that are correct modeling approach to a particular problem. For example, your initial example uses a Facebook class and in your follow-up you're now using a Facebook Account type: using one or another (or maybe both) has impact un your model but doesn't invalidate it.
Saying that, according to the Code Project site an association relationship implies:
Owner: No owner
Life time: Have their own lifetime
Child object: Child objects all are independent.
With that in mind, I don't think there's an association relationship between User and Facebook Account since they're highly dependant from each other (assuming User refers to a Facebook user), so a composition might be a better relationship.
I'm not sure what are you refering with your Session class. If it's the period of time while the user is connected there is no sense in saying Facebook uses session for authentication and maybe the asociation relationship between User and Session can be an agregation, since a User can have several Sessions in a day an it's the owner of all of them.
Check this wikipedia entry that precisely discusses aggregation VS composition
So, in Java terms, a Facebook User has a name (composition) and a Facebook User has a list of friends (Aggregation)
Related
I'm trying to figure out what I need to specify in UML for a role-based access control system.
Basically I have a Database and only specific people are supposed to access specific functions or informations from that database. My academic helper told me to use a role-based access control system and scribbled some stuff onto a paper.
On the left you can see the 3 roles, and connected to it the database, both in the model part of the Model-View-Control.
My question basically: Which functions/variables do I need in the class Role and the role classes so the access control system works and why?
Generally this is supposed to be written in Java.
EDIT: Each Role has its own login credentials, so they will be identified upon login. With this login they are supposed to get one of those roles, but I don’t know how to give them that role.
I was looking for some diagram I found via google a long time ago, long before this question.
RBAC is a standardized model, it doesn't really contain multiple representations. You can extend it with additional security models, and it's multilevel, so higher levels are optional.
Flat RBAC, the first level, requires the following
users acquire permissions through roles
many to many user role assignment
many to many permission role assignment
user-role assignment review (user - role mapping can be changed, not hardcoded)
users can use permissions of multiple roles simultaneously
I have never seen a full implementation of RBAC in the wild. In a previous job we ultimately had to add point 2 to the application to enable administrators to go into a "support" mode, to view an accounts profile as they would.
This diagram gives a largely complete level 4 representation.
Here is the source of this diagram, it has a lot more information than what I'm saying.
I think the biggest variance you'll have (besides naming) is what object has "check access" and the general naming of these objects and methods.
For further reading on the subject, I would suggest these
Role-Based Access Control, Second Edition
ANSI blog
ANSI specification
NIST 4 levels of RBAC implementation
NIST adding attributes to role-based access control
Wikipedia RBAC, also contains UML
There are other documents including some criticisms, I usually find that simply using RBAC is not sufficient, as there are often more complex requirements than just "manager can do X", for example.
Well, still there are many, many ways to model this. And basically it's not an UML but a design issue. Anyway, here's a possibility:
A user has a single Role which is permanently assigned during a login. Of course a user with admin privilege could alter this role to something else. The Role holds a list of assigned Applications where the association class RoleApplication can hold attributes about what the role can do with the application.
Now how you control that an admin can change rights and all these pretty things that come along with a security system are definitely too broad to go here.
I have a login page which connects to a Database, the Database has only one client, when a user logs on he/she may make certain changes to his profile and then save. A large number of frames require the current user id in order to manipulate his data
Among the possible ways of storing the user currently logged in is
1) to save the data to a temporary text file and persist it before the user logs out
2) another option would be to use variables across all the frames ,however I'm not too confident about this
3) a third way would be to have a Boolean column in the database and to persist the the data of the field with true in it
Perhaps there are better ways of storing the current user Id could somebody elucidate other possible methods and highlight the pros and cons of each implementation with reference to an "optimal" method of doing this
Edit: This is a desktop application
I would suggest not to share this information in any static context for the reason it will render your project as very hard to test once it gets big enough. See this link for more info: When to use singletons, or What is so bad about singletons?
What I would do is store session objects in some map, identifying the appropriate session by an ID that will be given and sent back to you via client cookie. This is how the web has been doing it for years, and it is still doing it this way. Simply pass the session object around to any class that requires access to that data when it needs it.
If you are using a J2EE implementation, then you may already have support for sessions within that implementation, you should check out "How to Use Sessions"
This is more of a software design question, and covering the basis to complete the patterns used to support what I just suggested is unfortunately beyond the scope of the question
The logged user is an instance of the class Person or LoggedUser.
You have to instantiate it and share its reference between Views via a Model.
As the title says, i have a need to create a dynamic menu stored as a tree in the database and there are plans to put an interface on it.Now i need to decide how to implement the Access Control Layer based on what is on the market suitable for this requirement.
I heavily use Spring IoC, spring mvc etc....with hibernate for my project. I've used apache shiro before and it's not bad.just that the community is still young so it takes time for a question regarding shiro to have contributions and there is not extensive documentation.
I was still planing on using shiro anyway because i've an experience which i don't have with spring security.Now the first question should have been Is is a good idea to tie ACL to menu system|navigation system .I would be please if anyone could share his experience regarding that.
So on top of my head i have this model in mind users, roles, rights, users_rights ,roles_users, roles_rights
users //contains creds and user detail
roles //contains roles
rights // contains rights (including menu entries matching rights, if i have to tie them)
roles_users //many-to-many roles-users with extra columns mapped as entity
roles_rights // many-to-many roles-rights with extra columns mapped as entity
users_rights //many-to-many users-rights mapped as entity with extra columns. special rights for user and overwrite the overall rights given by roles. can deny rights given by a role or add rights not inside any roles
so in the rights table i could have like:
id
name // in the form of admin:users:list
description
menu_name // unique name what shows on page
menu_url
the only question is that how do i handle submenu? self many-to-many rights-rights?
at the end it all becomes so complex.So i would like have other perspective, insights ,suggestions. thanks
I hope I understood what you want.
I think that using a self foreign key is valid.
However, I would suggest that you compute the "ACL value" of a sub menu upon its creation, or upon update of one of the parents,
So you won't spent time calculating it while during ACL check for the sub menu.
I'm sorry if I didn't use the terms correctly,
What in general I mean is that if you have some value at a tree, and this value might be dependent on the value of the parent node in the tree,
you should consider to calculate the value for the child node/leaf during insertion , update, or any change at one of the ancestors.
I would like to know -an example is highly appreciated-
How to model relationships in Google App Engine for Java?
-One to Many
-Many to Many
I searched allover the web and I found nothing about Java all guides and tutorials are about Python.
I understood from this article that in Python the relationships are modeled using ReferenceProperty. However, I found nothing about this class in the Javadoc reference.
Furthermore, in this article they discussed the following:
there's currently a shortage of tools for Java users, largely due to the relative newness of the Java platform for App Engine.
However, that's was written in 2009.
At the end, I ended up modeling the relationships using the ancestor path of each entity. I discovered afterwords that this approach has problems and limit the scalability of the app.
Can you please guide me to the equivalent Java class to the Python's ReferenceProperty class? Or can you please give me an example of how to model the relationships in AppEngine using the java datastore low-level API.
Thanks in advance for your help.
Creating relationships between entities in GAE/J depends on db API that you are using:
JDO: entity relationships.
JPA: see docs.
Objectify: single-value relationships.
Low-level API: add a Key of one Entity as a property to another Entity: see property types.
Just a tip. When defining your data model think in terms of end-user queries and define your data model accordingly.
For example, let's take the example of a store renting books. In a traditional application, you would have three main entities :
--> Book
--> Client
--> Rent (to solve the many-to-many)
To display a report with which client is renting which book, you would issue a query joining on the Rent table, Book table and client table.
However, in GAE that won't work because the join operation is not supported.
The solution I found (maybe other solution) is to model with the same three tables but embedding the book and client definitions in the Rent table.
This way, displaying the list of books being rent by whom is extremely fast and inexpensive. The only drawback is that if for example the title of a book changes, I have to go through all the embedded objects. However, how often does that happen vs. read-only queries.
As a summary, think in terms of end-user queries
I am working on a large Java EE web-app with CRM functionalit and we are looking for a security approach/library/solution/anything. Basic role-based security won't work since access control must be based on both role and hierarchy, but must be optionally customisable per document. Because there will be confidential and proprietary information stored, it is a requirement that the security works properly.
Example: To use department store, shelf stalkers stockers can create reports that other stockers can read only if they are in the same department. Now their department manager can read/write/update/delete all reports written by stockers and write reports that all others department managers can read but not see reports of store managers, etc, whom the district managers can r/w/u/d etc. Now, the complications: people at higher levels can make things visible to people at lower levels, either to individuals (department writes document to several specific stockers) users or everyone below them (store manager writes a memo to the entire store) or any permutation you can imagine. Also, individuals can create reports that their peers cannot see or they can choose grant access to store stockers in other districts etc.
We are considering an ACL with one permission per entity, but are worried about the large number of records that would create. Even if only a report was readable to everyone else in a department of 30 and every person above them [in the chain of command], creating a single report would require ~40 records! With 1 report per week per user that is 2000 permissions per user per year. 1,500 users means over 3,000,000 permissions per year.
It seems like a rule-engine based approach would be nice, but I have not seen any blogs or articles mentioning that approach so we're hesitant to that approach.
We are also considering some ACL/rule home-brew hybrid where you could grant permission to a department id with a discriminator of "manager" or "stockers" etc to subselect, but are worried that checking for all possible permissions (you could be granted permission specifically by another user, you have permission as a memeber of your department, you could have permission as a member of a store, or of district) sounds like an error-prone tedious nightmare.
What is the best approach for our application?
You could look at using Spring Security and ACL's - the nice thing about Springs ACL implementation is it is implemented with AoP it should be easier to integrate.
It sounds like your security requirements are quite complicated - off the top of my head I dont know how you'd implement this.. but you can reduce the number of records required by creating ACL's against your object hierarchy and having objects 'inherit' permissions from parent objects. You grant a user read permissions to the parent Department of a Report - so they would inherit read access to the child reports of that department. Alternatively a Manager might have read and update permissions on the Department. The key to all this is how your java object model has been structured.
I have had a similar situation in a system where there were thousands of articles in an object hierarchy of Business Unit -- Publication -- Issue -- Article. You can have hierarchys of ACL's - so in my system - users that had C/R/W permissions to a particular business unit, inherited permissions on all child objects in the hierarchy.
In my opinion Customization + Complexity = JBoss Drools, I don't have much experience using this technology but I believe it would be worth a look in your case, check out the latest drools samples at: http://blog.athico.com/2011/04/try-drools-example-in-less-than-minute.html