Rhino Security

Handling complex security conditions with Rhino Security

I got an interesting question about handling complex security conditions that I thought would be perfect to illustrate the underlying design principles for Rhino Security. The problem is securing surveys. A survey has a start date, an end date, can be marked as applicable to a specific population, may be public or private, etc. The specification says that a survey that the user does not own should only be visible to a user iff: the survey is public; the survey is active; the survey has started ...

posted @ Friday, December 11, 2009 12:30 PM | Feedback (5)

On PSake

James Kovacs introduced psake (a PowerShell-based build system) over a year ago, and at the time, I gave it a glance and decided that it was interesting, but not worth further investigation. This weekend, as I was restructuring my Rhino Tools project, I realized that I need to touch the build system as well. The Rhino Tools build system has been through several projects, and was originally ported from Hibernate. It is NAnt based, complex, and can do just about everything that you want except be easily understandable. It became clear to me very quickly...

posted @ Sunday, August 30, 2009 3:02 PM | Feedback (27)

The complexity of unity

This post is about the Rhino Tools project. It has been running for a long time now, over 5 years, and amassed quite a few projects in it. I really like the codebase in the projects in Rhino Tools, but secondary aspects have been creeping in that made managing the project harder. In particular, putting all the projects in a single repository made it easy, far too easy. Projects had an easy time taking dependencies that they shouldn’t, and the entire build process was… complex, to say the least. I have been somewhat unhappily tolerant of this so...

posted @ Sunday, August 30, 2009 11:14 AM | Feedback (12)

Opening seams for testing

While testing Rhino Service Bus, I ran into several pretty annoying issues. The most consistent one is that the actual work done by the bus is done on another thread, so we have to have some synchronization mechanisms built into the bus just so we would be able to get consistent tests. In some tests, this is not really needed, because I can utilize the existing synchronization primitives in the platform. Here is a good example of that: [Fact] ...

posted @ Friday, January 30, 2009 5:17 AM | Feedback (3)

The data access challenge: Implement Rhino Security

Rhino Security is an awesome little framework that provides security infrastructure for applications. I created it after having to rebuild a security infrastructure five times, due to changing requirements. It is implemented on top of NHibernate. I would like to challenge you to implement Rhino Security in your data access strategy of choice. Here is the design, intro and implementation notes. And, of course, the code itself is accessible here. If you think that your data access strategy is awesome, show me the code. Rhino Security is a non-trivial example, but it is still quite small, about...

posted @ Tuesday, December 23, 2008 4:41 AM | Feedback (28)

When your extensibility strategy is OOD...

You get to have really simple solutions. One of the reasons that I like NHibernate so much is that it allows me to use Object Oriented solutions to my problems. Case in point, we have the Rhino Security library, which provides a facility for asking security questions about your domain. Bart had an issue with Rhino Security: he wanted to extend the library to also contain a type. The original idea was to add an int field called AppSpecific, which will let each app define additional information on top of the existing domain model. That made me feel so Win32...

posted @ Tuesday, December 23, 2008 4:27 AM | Feedback (0)

What hid under the bed...

    public class ARValidatingAuthorizationRepository<TIEntityType, TIUsersGroup, TIEntitiesGroup, TIOperation, TIEntityReference, TIPermission>
        : RhinoAuthorizationRepository<TIEntityType, TIUsersGroup, TIEntitiesGroup, TIOperation, TIEntityReference, TIPermission>
        where TIEntityType : class, IEntityType, new()
        where TIUsersGroup : class, IUsersGroup, new()
        where TIEntitiesGroup : class, IEntitiesGroup, new()
        where TIOperation : class, IOperation, new()
        where TIEntityReference : class, IEntityReference, new()
        where TIPermission : class, IPermission, new()

posted @ Sunday, June 29, 2008 7:25 AM | Feedback (8)

Rhino Security: External API

When I thought about Rhino Security, I imagined it with a single public interface that had exactly three methods: IsAllowed, AddPermissionsToQuery, and Why. When I sat down and actually wrote it, it turned out to be quite different. Turns out that you usually want to handle editing permissions, not just check permissions. The main interface that you'll deal with is usually IAuthorizationService: It has the three methods that I thought about (plus overloads), and with the exception of renaming Why() to GetAuthorizationInformation(), it is pretty much how I conceived it. That change was motivated by the desire to...

posted @ Friday, January 25, 2008 11:34 AM | Feedback (13)

Interception as an extensibility mechanism

I got a request to allow system-mode for Rhino Security, something like this:

    using(Security.ActAsSystem())
    {
        // in here the security behaves as if you have permission
        // to do everything
        // queries are not enhanced, etc.
    }

It is not something that I really want to allow, so I started to think about how we can implement this, and I came up with the following solution:

    public class AuthorizationServiceWithActAsSystemSupport : IAuthorizationService
    {
        IAuthorizationService inner;

        public AuthorizationServiceWithActAsSystemSupport(IAuthorizationService inner)
        {
            this.inner = inner;
        }

        // System mode is on when the "act.as.system" flag in Local.Data is true
        private bool IsActAsSystem
        {
            get { return true.Equals(Local.Data["act.as.system"]); }
        }

        public bool IsAllowed(IUser user, string operationName)
        {
            if(IsActAsSystem)
                return true;
            return inner.IsAllowed(user, operationName);
        }

        public void AddPermissionsToQuery(IUser user, string operationName, ICriteria query)
        {
            if(IsActAsSystem)
                return;
            inner.AddPermissionsToQuery(user, operationName, query);
        }

        // .. the rest
    }

Now, all we need to do is...

posted @ Thursday, January 24, 2008 10:31 AM | Feedback (4)

Rhino Security: Part II - Discussing the Implementation

I just finished testing an annoying but important feature, NHibernate's second level cache integration with Rhino Security. The security rules are a natural candidate for caching, since they change on an infrequent basis but are queried often. As such, it is obvious why I spent time ensuring that the whole thing works successfully. At any rate, what I wanted to talk about today was the structure of the framework. You can see the table layout below. A few things to note: The tables are all in the "security" schema, I find that it makes more sense this...

posted @ Thursday, January 24, 2008 1:47 AM | Feedback (7)

Convention based security: A MonoRail Sample

I was asked how I would go about building real world security with the concept of securing operations instead of data. This is a quick & dirty implementation of the concept by marrying Rhino Security to MonoRail. This is so quick and dirty that I haven't even run it, so take this as a concept, not the real implementation, please. The idea is that we can map each request to an operation, and use the convention of "id" as a special meaning to perform operation security that pertains to specific data. Here is the code: public class RhinoSecurityFilter...

posted @ Wednesday, January 23, 2008 9:55 PM | Feedback (11)

Designing the Security Model

Right now I want to talk more deeply than merely about the security infrastructure; I want to talk about how you use this security infrastructure. There are several approaches for that. One of them, which I have seen used heavily in CSLA, is to simply make the check in the properties. Something like this:

    public class Comment
    {
        public virtual IPAddress OriginIP
        {
            get { CanReadProperty(true); return originIP; }
            set { CanWriteProperty(true); originIP = value; }
        }

        public virtual bool CanDelete() { ... }
    }

We can move to a declarative model with attributes, like this:

    [SecuredEntity]
    public class Comment
    {
        [SecuredProperty]
        public virtual IPAddress OriginIP
        {
            get { return originIP; }
            set...

posted @ Wednesday, January 23, 2008 6:22 PM | Feedback (15)

Rhino Security Overview: Part I

A few months ago I spoke about how I would build a security infrastructure for an enterprise application; I went over the design goals that I had and the failings of previous attempts. Since then, I got a few requests to implement that, and since this is a really neat piece of work, I decided to go ahead and build it. The main goals, allow me to remind you, are: Flexible, Performant, Does not constrain the domain model, Easy to work with, Understandable, No surprises. You can read the post about it to get a feeling about what I had...

posted @ Tuesday, January 22, 2008 4:01 PM | Feedback (14)