We are working on an existing application, at least 15 or 20 years old more than 2000000 lines of code and we want to add user authorization. Visual components should be visible and or enabled based on authorization, methods should be allowed based on authorization.
We are working on an existing application, at least 15 or 20 years old more than 2000000 lines of code and we want to add user authorization. Visual components should be visible and or enabled based on authorization, methods should be allowed based on authorization.
I remember reading about authorization implemented with attributes and (i think) aspect oriented programming but cannot find the article any more.
How would you try to implemented this in a big existing pile of code... not always optimally structured? Where can i find more info on this?
I remember reading about authorization implemented with attributes and (i think) aspect oriented programming but cannot find the article any more.
How would you try to implemented this in a big existing pile of code... not always optimally structured? Where can i find more info on this?
Attila Kovacs Can you (and do you want to) ex
ReplyDeleteplain how you solved this ?
As suggested by both Andrea Raimondi and Asbjørn Heid I use TMS Security tmssoftware.com - TMS Software and it pretty well fits my needs, and beyond.
ReplyDeleteFor example it offers database persistence and it is completely Policy-Based: you first define Group then Users then form-policies and finally you link users to groups and assign policies to groups.
If works very well and you do not need to reinvent the wheel. Last but not least, it is well documented ad you can give it a try, downloading a trial version of it.