Security Extension Points¶
Nearly every item in security can be extended or replaced. This page will cover some of the key points for extending security.
Server Extensions¶
Security at the server level implements ISecurityManager. This interface handles the core functionality of security including:- Logging on/off
- Session management
- Retrieving users and permissions
- Checking permissions
- Logging audit events
- Retrieving audit events
- Password management
Most of the time, these are passed onto other interfaces that implement the actual functionality. However this interface acts as the co-ordinator for all this functionality.
Rather than completely implementing this functionality from scratch, there is an abstract base class which provides a basic implementation of most of this functionality. This class is called SecurityManagerBase. This class implements session management, audit logging and reading and authentication. This functionality is provided through implementations of the other security interfaces.
Project Extensions¶
Security at the project level implements IProjectAuthorisation. This interface implements checking permissions at the project level.
The default implementation of this class will hand over permission checking to an implementation of IPermission (assuming there is a valid permission for the user.)
Permissions¶
All permissions implement IPermission. This interface exposes two methods:- CheckUser(): this will check to see whether the permission is valid for the current user.
- CheckPermission(): this performs the actual check to return the permission (e.g. Allow, Deny, Inherit).