What is a simple-to-configure but strong authentication library with a complete user guide for CodeIgniter 2? - authentication

I've read this article about authentication libraries. Some of the answers do not satisfy me. My questions are:
I know some of the libraries above are no longer maintained or compatible with CodeIgniter 2.0, but which ones are still maintained? Some of them don't have any documentation (tank_auth). Would you show me the complete documentation instead of the basic information found on konyukhov's site?
I plan to make a -dooid-like web or a-identy-like web for my local colleges.
What is the most suitable authentication for my case?
I mean one that is simple, has a clear and complete user guide, and is compatible with CodeIgniter 2.0, but strong.
Excuse my English. I am Indonesian and I can't speak English well.

I've had great luck and would highly recommend Tank Auth.
It requires only a bit of setup and provides several built-in functions for checking if a person is logged in and other useful authentication functions. It's fairly well documented and there's a good community of developers to help if you get stuck.

Related

How to implement an OAuth 2 Server

I want to create an OAuth 2 server, mainly for self-education purposes. I do understand the concepts the OAuth framework is based on and I do understand the authentication process (what is sent/received and why).
I'm pretty familiar with Java and the Spring framework, so my intention is to use these technologies.
My question is, in order to implement an OAuth 2 server:
Do I just follow RFC 6749 to the letter and write my code based on this? Handling everything by myself, from the data and how it's stored in the database (if a database is used) to serving the same error/message responses?
Do I use a dependency or a library, maybe, which will prevent me from reinventing the wheel (as far as OAuth 2 is concerned)?
Or is there already a free service which I can install and which does exactly this with some minor configuration?
Thanks in regards. :)
If you're writing something new from scratch, I would recommend you take a look at the upcoming OAuth 2.1 spec. It is largely compatible with OAuth2, but there are a few features removed and some stuff added. It might be worth starting off with something that's immediately the bleeding edge.
Yes, probably. Unless you can't find a good one?
Yes, there are open source implementations and free hosted services.
I think what you want is Keycloak.
Thanks.

Restful (and Stateless) Auth with Play Framework and Scala

I have recently been thinking about how to get my web framework/application stack right. I'm slowly moving over to Scala and functional programming (coming from Python with CherryPy). So it was natural to look into Play, as it is the most widely supported framework (now that even Typesafe adopted it). Feel free to correct me if I'm missing something here.
So Play is really embracing the idea of stateless web apps and I have a hard time wrapping my head around it in terms of authentication and authorization. Now, after some online digging (The definitive guide to form-based website authentication), I came to the conclusion that authentication and authorization must be done on each and every call to my backend (JSON-RPC or whatever), getting away from the old session-cookie idea.
Now what's the best approach to achieve this with today's technology?
And what about:
I thought about "simple" DigestAuth as it is proven and widespread but then it has this similar feel to the old and rusty basic auth.
Thank you!
You can easily get a working solution, but not a good one. It seems that the advantage of stateless over stateful is that there is no need to share sessions. Easy to scale up. But doing authentication for each call is costly. Sometimes it even adds some extra database read ops. This will slow down the response. If you want to cache the authentication result, then there will be no difference from a stateful session solution.
In my opinion, you cannot implement Role Based Access Control in a stateless way!
As for me, I use this in my current project: https://github.com/t2v/play20-auth. It works fine.
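An added example, not taken from any of the posts above, of the per-request check the question describes: a signed, expiring token that carries the user's roles and is verified on every call without a session store or database read. The key, the token layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side signing key that is never sent to clients.
SECRET = b"constructed-demo-key-replace-in-real-use"

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> str:
    return b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user: str, roles: list, ttl: int = 900, now: float = None) -> str:
    """Called once at login; the server stores nothing afterwards."""
    now = time.time() if now is None else now
    claims = {"sub": user, "roles": roles, "exp": int(now) + ttl}
    body = b64(json.dumps(claims).encode())
    return body + "." + sign(body)

def verify_token(token: str, now: float = None):
    """Run on every request. Returns the claims dict, or None if invalid."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison; the body is parsed only after it verifies.
        if not hmac.compare_digest(sig.encode(), sign(body).encode()):
            return None
        claims = json.loads(unb64(body))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims

def authorize(token: str, required_role: str, now: float = None) -> bool:
    """Role check made from the token alone, with no lookup."""
    claims = verify_token(token, now)
    return claims is not None and required_role in claims.get("roles", [])
```

Role changes and revocations only take effect when a token expires, so the TTL bounds how stale an authorization decision can be.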

Web CMS vs API vs Framework - HELP?! :(

I posed this question to my lecturer, but I would also like a variety of answers in order to better understand this conundrum of mine. Here is the original message with names omitted.
Hi **,
Thank you for your intro lecture today, I look forward to the work involved in the coming weeks.
I am, however, rather confused regarding the terms CMS, API and Framework. The internet isn't providing much help either, because these terms get thrown around a lot and often for the very same thing!
I have a bit of background in LAMP web development, and I will provide a hypothetical scenario, where hopefully you can tell me where these terms would fit in.
I am using LAMP (Linux web server with Apache, MySQL and PHP).
I am developing a website whereby the public can watch movies (umm... ignore the legal issues, purely hypothetical and for educational purposes of course!)
I create my MySQL database using phpMyAdmin, and tables will involve 'users', 'categories', 'content' etc.
I now create an 'admin control panel (CP)' which I will refer to as the back-end. Authorised users, depending on their access levels (as determined by their account in the 'users' table) can add/edit/delete various things. These changes are reflected on what I call the front-end.
The front-end is the public facing website, whereby the public visit this website to watch films of their choice.
The back-end (i.e. the Admin CP) controls/regulates the content of users and pretty much everything. Over time, the developers could add more features to this for more functionality, e.g. comments. Alternatively, a developer could use the Facebook comments API to include in every 'film' page on the front-end; this makes it a lot easier.
Now back to the main question at hand, is this a web CMS? Where would an API fit into this? Is this a framework?
Note: I'm not using anything like WordPress or Joomla etc., it's all custom coded by myself. Using PHP and HTML5, CSS3, maybe a bit of jQuery too, and of course SQL statements via PHP to interact with the MySQL database.
I appreciate your help in this confusion of mine.
Thanks,
EDIT: I have commented my thoughts based on Justin's input. If I'm on the right track let me know, cheers.
Thanks for the post.
The three terms you have stated are used quite often around the web, and they are always changing. First you have a CMS. CMS stands for Content Management System; like above, you have stated WordPress and Joomla. That is where someone has already created the software to create a site/blog without having to mess with PHP, MySQL, and Apache. You are merely doing anything on the front-end, just simply posting your content, and making it live. The software does all of the back-end work for you.
API, simply put. Open-source "plug-in" which allows the user to integrate a service or application into their site or application for use.
Framework, Like Bootstrap, created by Twitter. A Web Framework is an easy way to develop a site on the front-end. It gives the learning amateur a chance at developing the front-end while learning great concepts along the way.

API to IBM Rational Requirement Composer

We have been using ReqPro to a great extent by taking advantage of the API DLLs. We basically develop .NET applications and used the DLLs to store data to the ReqPro projects with great ease.
Now, we are looking at possible ways to move to RRC. For this, we need to know how we can achieve the same features.
As RRC is web based, it might have some services that can be used for such things.
The basic requirements are inserting requirements, traceabilities, history etc to RRC and retrieving the same.
Please take a look at OSLC - this is a REST-based interface to RRC that will allow you to access and write to RRC. It may not cover all the capabilities you require - but should be a good start. http://open-services.net/ - and then look at the RM specification.
Hope that helps
anthony
p.s Another good place to cross-post this question is the forums on jazz.net - there is a specific forum for RRC.

Access Control Lists & Access Control Objects, good tutorial?

We're developing a web app to cover all aspects of a printing company, from finances, to payroll, to job costing. It's important to be able to control who can access what parts of these applications. Don't want a line employee giving himself a raise, etc...
I've heard of the concept of ACL & ACO, but haven't found a good example that we could adapt to our project.
Anyone know where I can find good information to work from?
A brief rundown on ACLs, where they should be used and how they should be structured and implemented for various applications and user levels can be found here:
LINK
I've had to implement that type of security a couple of times. Unfortunately I don't know of any really good articles that provide examples. My implementations were mainly piecing together the parts through trial and error.
However, I did come across this link on MSDN:
http://msdn.microsoft.com/en-us/library/52kd59t0(VS.71).aspx
It has some of the concepts.
After my original post, I did some more research. I found this article:
http://www.aspfree.com/c/a/C-Sharp/Implementing-Role-Based-Security-using-CSharp/
It seems pretty promising. I didn't go through all the details, but it at least guides you through the high-level topics.
If you're using .NET/Windows you might want to look into Windows Authorization Manager (AzMan). There is support for AzMan in Enterprise Library, but there are other ways of using it as well.
http://msdn.microsoft.com/en-us/library/ms998336.aspx
http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAuthorizationManager.html