Ayende @ Rahien

My name is Oren Eini
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by phone or email:


+972 52-548-6969

, @ Q c

Posts: 6,007 | Comments: 44,761

filter by tags archive

Interception as an extensibility mechanism

time to read 1 min | 181 words

I got a request to allow system-mode for Rhino Security, something like this:

	// in here the security behaves as if you have permission 
	// to do everything
	// queries are not enhanced, etc.

It is not something that I really want to allow, so I started to think how we can implement this, I came up with the following solution:

public class AuthorizationServiceWithActAsSystemSupport : IAuhorizationService
	IAuhorizationService inner;

	public AuthorizationServiceWithActAsSystemSupport(IAuhorizationService inner)
		this.inner = innner;

	private bool IsActAsSystem
		get { return true.Equals(Local.Data["act.as.system"]); }

	public bool IsAllowed(IUser user, string operationName)
			return true;
		return inner.IsAllowed(user, operationName);

	public void AddPermissionsToQuery(IUser user, string operationName, ICriteria query)
		inner.AddPermissionsToQuery(user, operationName, query);

	// .. the rest

Now, all we need to do is register it first:

component IAuthorizationService, AuthorizationServiceWithActAsSystemSupport

faciliy RhinoSecurityFacility

And that is it. This both answer the requirement and doesn't add the functionality that I don't like to the system.

Again, neat.



Where do you switch Local.Data["act.as.system"] on/off?

Ayende Rahien

using ( Security.ActAsSystem() )


// just something that set this



Then i don't get the thing you were trying to avoid. Checks all over the place "if is system do this" ?

Ayende Rahien

This means that I can ignore security in a global fashion without changing the code.

Comment preview

Comments have been closed on this topic.


No future posts left, oh my!


  1. Speaking (3):
    23 Sep 2015 - Build Stuff 2015 (Lithuania & Ukraine), Nov 18 - 24
  2. Production postmortem (11):
    22 Sep 2015 - The case of the Unicode Poo
  3. Technical observations from my wife (2):
    15 Sep 2015 - Disk speeds
  4. Find the bug (5):
    11 Sep 2015 - The concurrent memory buster
  5. Buffer allocation strategies (3):
    09 Sep 2015 - Bad usage patterns
View all series



Main feed Feed Stats
Comments feed   Comments Feed Stats