Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
In the course of my work i need to develop an authorization engine ( i'm already authenticated and i check access of a user to an action ) in order to store all the authorization logic inside a same place and be able to reuse it and i have created the mini library.
http://github.com/eltados/canny
what do you think about it?
Is there any lightweight Authorization engine library i could have a look at?
I'd use Spring Security before I developed anything of my own. Authorization and authentication are cross-cutting concerns. Spring properly puts them in aspects that you can configure down to the method level.
I only had a brief look and was wondering whether you had considered the following questions:
I'm not a fan of using a static attribute to store the Authorisation object and all the rules, this could lead to problems in clustered environments or when multiple applications share an appserver (I'm thinking shared classloader problems with JBoss here)
The canny engine provides no out-of-the-box functionality for dynamically accessing authorisation stores. As far as I can tell in order to get user/permission information from LDAP or a database, a custom rule needs to be created.
I'm not sure whether having the definitions of the rules in code is the best place, as it will mean having to rewrite/rebuild/redeploy code to change the rules.
Note, maybe I have misunderstood some of the concerns, but the readme and test classes were a little bit sparse.
Personally, Spring Security has been my Authentication/Authorisation framework of choice.
Hope that helps.
Three years later... You want to use XACML and a XACML authorization engine. There are open-source alternatives (WSO2, Heras AF, Sun XACML) and vendors alternatives (Axiomatics, IBM...).
Disclaimer: I work for Axiomatics.
Our solution can be an authorization service or used as a library you embed within your application - see more at http://www.axiomatics.com/
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
Can someone explain why is React so popular?
My understanding is that it helps with the V part of MVC design pattern for apps and is useful as its JS so can be used for UI perhaps in general.
Why would it be better than SPA (not sure I get what this means exactly, i.e. just using Javascript? - Real technical advantages of React Native over Web)
Also, it was created by Facebook so perhaps there is added benefit/functionality through that (if anyone can provide specifics that would help.
But what are the specific technical advantages/efficiencies about React is so advantageous and helpful to developers?
As an example, say I work for a bank and am designing a bank account app - how would React be useful over an alternative?
So it basically depends upon what type of application you are making . Few benefits that I found with react are:
It is based on the concept of virtual dom (main benefit of it): you can read more abt it from https://reactjs.org/docs/faq-internals.html
Easy to learn as mostly it is javascript, ES6 compared to Angular latest versions
Good community support
However, React alone is of no good use for big applications. So ultimately you have to use some state management tool like redux/ flux with it
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
What are the main advantages of using java cloudant client api instead of directly using the cloudant REST API?
thanks
A lot of effort has been made to ensure that the Cloudant Java library is slick to use, and hiding both some of the rough edges of the API, encoding some best practices and saving you from tedious boiler plating.
It also gives you a lot of extra functionality "for free", for example automatic retrying of requests that generated a "429: Too Many Requests" response in the rate-limited environment on IBM Cloud.
The Java library is of course also officially supported, with a regular release cadence, meaning that you can raise tickets against it, and have an expectation that issues will be fixed. As these libraries are developed in conjunction with the service, you can also expect that new features in the service will be reflected in the client libraries.
Saying all that, it's good to reflect on when to use a library that someone else wrote, and when to "roll your own". All languages and platforms tend to have good support for HTTP, and speaking directly to the API can mean that you know exactly what you have, and you can avoid any bloat, especially if you only need a fraction of what the library provides.
Here's an example I wrote (in Python, but the ideas hold for any language) to show how simple it can be to write a "micro" library yourself to target the API directly:
https://github.com/xpqz/microcdt
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I've to rebuild a swing based application to move it to a web environment. This application has some functionalities that already exist in another web application. I want them both to maintain the same functionalities, even those that are shared, but I don't want duplicated code.
In terms of architecture/technologies, what is the best approach to reuse as much code as I can? A third service-oriented application that controls all the business logic and have the web applications serve only as front-end? But how to avoid code duplication on the front-end?
Any feedback will be much appreciated.
very broad question so it's hard to give exact solution. think about separating common functionality as a different service. then both application can just redirect to it or use its api.
if that's not an option then try to separate that logic to a library that will be included in other application. good frontend frameworks allow you to do it also with frontend code (directives, plugins, validators etc)
You could work with dependencies transforming the common utilities, access data and business rules in libraries. In first moment you can make a refactor separating tiers and responsibilities and then you can incorporate Maven in you environment to generate and start to work with dependencies.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I have an opportunity to learn some new tech to write this code. Basic requirements:
users in various locations worldwide
user control: control who can see, edit, approve various sheets/accounts/transactions within a sheet
parse bank statement files into the system
generate reports
robust logging: who enters, edits, approves transactions
secure, reliable data storage
ability to serve from the Internet, or a local network web server
I was going to use a Google Docs Spreadsheet with scripts, but I can't see the user control being rigid enough.
At the moment I am leaning towards Java Servlets and JSP with Google App Engine.
What would you use?
Servlets and JSP are good technology but fairly basic / low level. You might find it more interesting and productive to try on of the newer web-based frameworks.
Some ideas:
Vaadin might suit this kind of application pretty well, it's a framework for rich internet applications that gives you much more sophisticated components than you could implement with plain JSPs.
I've also heard very good thinks about the Play Framework.
If you are feeling really adventurous and fancy picking up a new language (Clojure) then Noir is also a great web framework in the making.
The only requirement here that may be a gotcha for App Engine is "ability to serve from the Internet, or a local network web server". What exactly do you mean? If this is something that your users are going to want to install locally then App Engine is out of the question.
Any sort of java based solution is going to fit all of the rest of your requirements. Since you have a lot of logging/security, you may want to look at Spring MVC with Spring Security or even Grails (which also supports spring security).
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I've used Spring and Spring.NET quite a bit, but I would like to see what else is out there. Can anyone recommend a good Java or .NET framework that I could try to learn?
Here is a list of IoC containers from the good Mr. Hanselman...
Castle Windsor is very popular, you could do worse than learn that.
On the .Net side, Ninject is probably the most interesting, on the Java side, I would say check out Google Guice. That being said, DI is DI, and they all more or less do the same thing. The differences are mostly in how they are configured.
Google Guice is very good - unless you really need it, there are no .xml configuration files - everything is done via annotations, and in an ideal world you can avoid setter methods, injecting your dependencies via the constructor.
I'd suggest JBoss Seam. It has a very different dependency injection model than Spring. Seam's DI is bidirectional and able to inject values at every stage in an object's life (not just during initialization).
It's certainly not a good for everything, but if your looking to try different things in DI, this is interesting.
Look at Seam's home page.
So in the wide world of software you feel the need to learn what is 'assumed plumbing' rather than expand your base? You just use IoC. It's not even optional for anyone serious. This is going on like a decade now.
Go master Functional Programming in say F#. Master the new IObserver and related work coming in .NET 4.0 as the conceptual pairing to IEnumerable. Write a domain specific language for your domain of choice. Create New abstractions, don't simply relearn old ones.