Scalable role based authentication
I am currently designing a role based authentication system for resources where many users have different access rights to it.
A role may be a single user, or a group of roles (so a role is a tree of roles). (see graphic below)
A resource can have multiple authentication properties (like read, write, delete), where each of this is a list of roles allowed to do access the operation. (see graphic below)
The problem is if I want to check if a user has the right to access a property, i have to traverse n trees in worst case (where n is the number of roles assigned to an property).
So for example to check if 'Max' may read the property I might have to check the Marketing, Management and Administration trees if they contain 'Max'.
Do you know of any algorithm or alternative approach which removes the quite expensive tree searches while maintaining the role system or something equally powerful.
The perfect case would be some lookup like O(log(n)) for n roles.
Question from quite newbie. I generated entity and model, then a CRUD for it using Gii. Default acces rules say that delete action can do just users with admin role. By default we have 2 users defined
I have a requirements to implement a password-based local user authentication, and a role-based authorization in a new AnguletJS application. As a part of my requirements, user passwords must not be t
I am searching for a security framework that allows role based security for OSGi services as well as CXF webservices. Some time ago I already used spring security but as we now switched to blueprint i
I have very simple: [PrincipalPermission(SecurityAction.Demand, Role = Administrator)] public partial class _Default : System.Web.UI.Page This works - it denies access if role is not administrator.
I'm looking for some input on how others would architect this. I'm going to provide class (django group) based views. For example, a user's group will determine what views/templates he or she will ha
I implemented spring-mvc based java application via no-xml. How to do set rol based authentication for each controller method? I don't want to static role name facultyMember like following code: @PreA
We have a java based STS service .We would like to use this STS for claims based authentication provided by WIF . Can someone provide some insight into how this can be acheieved ? All the examples I h
I use spring security, spring, hibernate and jsf authentication work correctly but it always redirects me to the page home.jsf I want to manage the access of users after authentication I want to manag
I have an REST service on my webserver, written in php. I was wondering, what would be the best authentication (besides basic http access authentication). I've heared of token-based auth, and would li
I am a newbie to ICEfaces and i have a requirement where i need to download a document from a given url (http://ipaddress/formexec?objectid=201). This URL uses a form based authentication that is dep
I am trying to implement Role Based Security in MVC 4. After searching for quiet some time, I am unable to figure out how to do it. I learned MVC 4 has its own SimpleMembership feature, but I am unabl
We have several sites that use Forms Based authentication (FBA) within SharePoint. Many of them have been running for months without issues. Within the last week or two we have noticed the following b
We are writing a web application to be deployed on our intranet. We want to implement role based security but would like to not write it all from scratch. Is there anything built into .NET to do this
I'm trying to setup “Certificate-Based Mutual Authentication” in my Java EE application. My requirement outline as follows, Deploying a web application (Java EE on IBM Webshpere) which is pulicly avai
I'm trying to use a code read in Kent's Korner for Form-based authentication. At least I'm told the web site I'm trying to read is form-based authenticated. But I don't seem to be able to get past the
I'm looking for a pub/sub engine, with the following requirements: Very low latency < 0.5 sec Scalable Shardable (based on geo localisation) I'd like to be able to have multiple pub/sub servers a
I'm working on a REST webservice, and in particular authentication methods for browser-based requests. (using JsonP or Cross-domain XHR requests/XDomainRequest). I've done some research in OAuth, and
This may be a slightly ignorant question but Im new to mvc so Im sorry! I studied the nerd dinner auth model but In my app I have a complicated role based authentication. So What I do is this: void M
I need to do a quick sample WPF application where the controls on the forms should be made visible or hidden based on the user roles. Something like this will be great, How to manipulate WPF GUI base
I want to filter object properties based on authentication or even roles. So, for example full user profile will be returned for authenticated user and filterd for non authenticated. How can I achiev
Although I'm new to ASP.NET I have to implement a role based user management system for an ASP.NET MVC 4 application (Visual Studio 2010). Users have one or more of these roles: Admin, Manager, User.
How does one rename a menu (or page name) based on roles in wordpress? I added 2 roles in my wordpress site [teacher, student] and several menu names [home, activity, corner, contact us]. The menu nam
I’m trying to modify a Meteor app (Telescope) to work with non-oauth-based authentication. To be more specific, I want to use a cookie set by my larger web framework as a username/token based authenti
Does anyone implement Dynamics CRM claims based authentication utilizing existing STS? White paper says: User authentication in Dynamics CRM 2011 is based on Windows Identity Foundation that forms the
Are there any java open source role-based access control system?
I am trying to use Role based authorization in declarative way, when unauthorized user attempt to access a page, it never fire an exception or show the user an error message. What I should do to show
Team, kindly help me how to implement SAML based authentication for iPhone application. I have .NET REST based JSON webservice as my backend service. Kindly advice me on this requirement.
We are using MVC3 with unobstructuve validation, all is fine; we got our custom validations working on the server as well as on the client. We are also using the build-in asp.net Role provider. We hav
I would like to implement a simple authentication in an JSF/Primefaces application. I have tried lots of different things, e.g. Dialog - Login Demo makes a simple test on a dialog, but it does not log
I am pretty new to springboot and I have been having issues using the role based basic authentication on some of my methods. I have written a custom UserDetailsService which works fine without roles.
Form based authentication for websites We believe that StackOverflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variatio
I'm working on an MVC4 site using SimpleMembership to handle user accounts and role based authentication. We have another site and we'd like to implement a single sign on system allowing users from th
I have correctly implemented authentication on an MVC application I have been working on and would like some suggestions on the possibilty of showing different master layout pages for the different us
I am developing a WinRT app which has many user roles. The View of many pages in my app change based on the Userrole For eg. I have a Student role and a Professor role. When the Student logs in he wil
I'm trying to implement Act As functionality for an ASP.NET application while at the same time using Windows Authentication and a custom role provider. Essentially what I want to be able to do is:
How do you setup spring-security for a restful api using a cookie based authentication? Currently I'm trying to make sure a request has a cookie with a sessionId on it that I validate against redis. I
I am trying 2 Role based registration. Ex: Role1, Role2 Once click Registration link then select any Role(role1, role2) after form field automatically change. It's possible ? Example: Select Role : (R
I want to know how can I enable form based authentication in java through database. After connecting to database, how can I verify whether the username and password, which I'm entering through html pa
I'm creating a custom Role provider based on the ASP.NET Role provider. I have 3 tables. One for Users, one for Roles, one for UsersInRoles.The Users table has no password column because the users are
I need to implement SSO-based authentication to access a protected resource using adapters. Can anyone suggest where to start from, any references, pointers would be of great help.
I read about token based authentication and get the general id. What I don't understand is why on the frontend (ember in my case) I would need such a token if all communication is with your own restfu
I'm trying to setup Forms Based Authentication in IIS 7.5 with ColdFusion 10. It's somewhat working but not prompting for ColdFusion pages. Yes, I did enable the Integrated Pipeline to force auth on a
Right now we have a form authentication application. Now a new customer ask us for LDAP authentication. Now the situation is our main server hosted at AWS and customers LDAP server is at some other pl
I'm trying to hide the Settings area in CRM 2011 such that it is visible only to users having a certain security role. I have followed the suggestions mentioned in the following posts https://commu
What will be the best approach for creating MongDB collection(s) that can be scalable and have best read performance? Following are the assumption A user has 100 entries /day. Entries are private to
I am trying to understand access control based on RBAC model. I referred to the following link. NIST RBAC Data Model I haven't understood this part clearly as mentioned in the excerpt - *Each sessio
Do we know how to implement LDAP support for the new authentication system introduced in VS 2013 which is based on owin.org . I have written my own provider using Forms authentication but it doesnt wo
I am following the link http://middlewaremagic.com/weblogic/?p=2034 to perform form based authentication. I have created a security realm then successfully delegate the authentication check to weblogi
I would like to know your opinion about using Cassandra to implement a RBAC-like authentication & authorization model. We have simplified the central relationship of the general model (http://en.w
Following up on a prior question, I'm trying to figure out how to set up container-based authentication for a J2EE application. Specifically, I need to be able to apply a password digest algorithm oth