Ayende @ Rahien

My name is Oren Eini
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by phone or email:


+972 52-548-6969

, @ Q c

Posts: 6,026 | Comments: 44,842

filter by tags archive

Interception as an extensibility mechanism

time to read 1 min | 181 words

I got a request to allow system-mode for Rhino Security, something like this:

	// in here the security behaves as if you have permission 
	// to do everything
	// queries are not enhanced, etc.

It is not something that I really want to allow, so I started to think how we can implement this, I came up with the following solution:

public class AuthorizationServiceWithActAsSystemSupport : IAuhorizationService
	IAuhorizationService inner;

	public AuthorizationServiceWithActAsSystemSupport(IAuhorizationService inner)
		this.inner = innner;

	private bool IsActAsSystem
		get { return true.Equals(Local.Data["act.as.system"]); }

	public bool IsAllowed(IUser user, string operationName)
			return true;
		return inner.IsAllowed(user, operationName);

	public void AddPermissionsToQuery(IUser user, string operationName, ICriteria query)
		inner.AddPermissionsToQuery(user, operationName, query);

	// .. the rest

Now, all we need to do is register it first:

component IAuthorizationService, AuthorizationServiceWithActAsSystemSupport

faciliy RhinoSecurityFacility

And that is it. This both answer the requirement and doesn't add the functionality that I don't like to the system.

Again, neat.



Where do you switch Local.Data["act.as.system"] on/off?

Ayende Rahien

using ( Security.ActAsSystem() )


// just something that set this



Then i don't get the thing you were trying to avoid. Checks all over the place "if is system do this" ?

Ayende Rahien

This means that I can ignore security in a global fashion without changing the code.

Comment preview

Comments have been closed on this topic.


No future posts left, oh my!


  1. Technical observations from my wife (3):
    13 Nov 2015 - Production issues
  2. Production postmortem (13):
    13 Nov 2015 - The case of the “it is slow on that machine (only)”
  3. Speaking (5):
    09 Nov 2015 - Community talk in Kiev, Ukraine–What does it take to be a good developer
  4. Find the bug (5):
    11 Sep 2015 - The concurrent memory buster
  5. Buffer allocation strategies (3):
    09 Sep 2015 - Bad usage patterns
View all series


Main feed Feed Stats
Comments feed   Comments Feed Stats