Lithium Access Control - lithium

I need to control who or what role gets access to what page or what method. Something like the class and method anotations on ASP MVC or Spring JAVA.
How can I do this in lithium?

There is no built-in complete ACL functionality on Lihtium's core, beauce there is no really solution to ACLs problem.
Hopefully, Lithium is kick-ass when it comes to deal with external libraries and plugin to extend the core functionality.
Take a look to li3_access which is the most complete and flexible plugin or ACL out there, or simpler solutions.
If your only need is to specify which actions are public and which not, you can dot it using Lithium filters: Read the guide
PS: Zed Shaw - The ACL is Dead http://vimeo.com/2723800

Related

Is there any built-in manager for handling CRUD operations of tables from ConfigurationDbContext(Clients, Resources...)?

I'm very new with those things, so I have some problems with understanding and figuring out which approach to use.
Currently, I am using .NET Core 3.1 and IdentityServer4 in my project. I am configuring my authorization server and there I have some controllers for creating users, clients etc.
In the controller for users handling I am using UserManager for all of the CRUD operations. Is that better approach than using dbContext?
I have created controller for handling clients as well. For this purpose, I am using ConfigurationDbContext, since I have not found some kind of a built-in manager for handling this.
Do you have some better solution? I am thinking of creating managers for this. Is there some example of that?
I want to create controllers which would function in the similar way, to have similar behavior, response results, validations etc.
Thank you for your help.
As far I as know UserManager comes with ASP.Net core Identity which is the way Microsoft gives built-in functionality to manage Manages users, passwords, profile data, roles, and others.
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-3.1&tabs=visual-studio
You can find Stores under IdentityServer4 namespaces like IClientStore and IResourceStore and more, so those interfaces have a similar Idea of userManager for users in Identity.
This is the source code https://github.com/IdentityServer/IdentityServer4/tree/master/src/Storage/src/Stores
Anyway there is an AdminUi that you can take a look to see if you find something helpful https://www.identityserver.com/documentation

ASP.NET MVC 5 simple login

I need simple log in functionality in my project (logged in users can access and modify their profile). I've read a book "PRO ASP.NET MVC 5" by Adam Freeman where he quickly written a simple, short and elegant login mechanism just by using authorization and authentication filters and extending from some built-in classes. However, I just checked the internet and found many completely opposite approaches using classes such as Identity and Claim and achieved by writing LOTS of code, i.e. this or this.
Is it really necessary to implement a huge framework and write many lines of code just for a simple log in approach with some security? Is it really that bad to rely on authentication and authorization filters?
Yes, I am planning on publishing my project, but it's really very small.
What would be the best and the most beneficial practice for creating a basic log in functionality?
when you create asp.net mvc 5 webapp you will find asp.net-identity already exist you just have to make simple changes in the user to link it to your other entites

Best Practice for documenting Symfony2 based REST API

I like to document my API (REST with JSON) which is written in PHP with the Symfony2 Project. This means I would like to write a public API, which I can give out to my clients, without showing them my internal functions etc.
What is the best practice to write Documentation in the public functions (Controllers, etc...). I'm currently using YAML for routing, which seems to be incompatible with the Annotation Based PHPDoc.
Thank you in advance!
You should then use NelmioApiDocBundle which was designed specifically for the need of documenting Restful Symfony2 API(s).
Find the bundle's documentation here.
It provides an ApiDoc() Annotation for Controllers,
The ApiDoc() Annotation.
And it also allows you to browse the whole documentation through an interfactive web interface,
On-The-Fly Documentation - Web Interface.

How to implementing a user level access in yii?

Is there a good extension for yii framework that controls user permissions. Give them different levels of access. I have checked some of them, they are good but up to date for example http://www.yiiframework.com/extension/rights/.
You can look up this Yii extension. I used it a couple of times myself. http://www.yiiframework.com/extension/srbac/
Before implementing an extention please checkout original rbac from yii. It is important to understand how it works. Extentions are mainly made to have an graphical administration for it.
http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control

JSF 2.0 authentication

I know there are a lot of other question about this topic but I haven't found the right solution for my case.
The landscape is like that:
Backend runs on a tomcat and provides some services. Amongst others there is UserService.login().
The Frontend (JSF 2.0, Spring 3, OpenFaces or Primefaces) which i should implement runs on a different tomcat. I need to implement the security level in the frontend. For sure I'm searching for the best framework (seam, spring security, jaas). And if you know a good tutorial it would be great if you let me know. i can send username/password to the backend and receive a User with id, username and role.
I found lots of tutorials, but i didn't get it work properly. Can anyone help me?
I probably can't explain the whole thing. But you can follow these links and should get you want you need.
First setup basic JSF-Spring Security application like in this link . Here the author did hard code the user details in the applicationContext itself for simplicity. But for your requirement you need to implement a custom UserDetailsService and which is the authentication provider where it loads the user details from the backend. You can take a look at this link.