How to,,,, [message #1224427]
Thu, 26 December 2013 18:03
Walter Mising name Messages: 128 Registered: July 2009
Senior Member
I love Scout.... However, to be adopted in big organizations, a few critical aspects should be enhanced.
1. Passwords must be encrypted - config.ini, sql service. UI to key in the password - dual custodians.
2. Environment specific values should be externalized - database in UAT & PROD are different - sql service, root filesystem path - RemoteFile, log levels turning on or off dynamically, masking of confidential data in sql log output. Having entries in config.ini and bundling it for prod env by dev team is not a best practice. Env specific configuration should not leave the server.
3. Authentication SSO integration out of the box - siteminder
4. Incremental deployments - deploy only changed plugins
5. Rollback changes
6. Reusability of Scout applications. App1 is an app meeting a specific business requirement. Admin app is another app to manage users & entitlements. How can both apps be combined to provide a complete solution without adding any app specific details in admin app? Admin app will also be used in App2. The UI or entitlement structure will not change, though the underlying data will be app specific.
7. Show outline based on user entitlements

Re: How to,,,, [message #1229476 is a reply to message #1224427]
Thu, 09 January 2014 14:22
Matthias Villiger Messages: 232 Registered: September 2011
Senior Member
Hi Walter,
We are happy that you like Scout!
And sorry for the late reply!
Here are some comments on your aspects:
1.
I agree. And we have done that for some customers as well. We store the encrypted password as a base64 encoded string in the config.ini.
This value is then passed to the setPassword method in your sql service. By overwriting this method you can decrypt the input first by using the algorithm you prefer.
Refer to the javax.crypto package for more details on how to use cryptography in Java.
If you want to use strong cryptography you may need the Java Cryptography Extensions (see JCE).
To encrypt a new password we created a small Java application that requests the new password and then answers with the encrypted version (base64 encoded) so that it can be stored in the config.ini.
2.
All environment specific values should be configured in the config.ini file. There you may also use placeholders (e.g. @@DB_SERVER_NAME@@) to create an environment unspecific package. Before deploying the package to a specific instance you then just have to replace all the placeholders (using a build/deployment tool, shell script, application, by hand, ...).
You can always change the log levels of a running scout application by accessing the process servlet (e.g. .../myApp/process). You can also configure the default log levels in the config.ini file.
To mask log entries you must provide your own log manager. There is a howto that explains this using log4j as example. In your own logger you then can apply all your filtering rules.
3.
Scout already includes support for authenticating against an LDAP server. See the corresponding howto to set up an LDAP security filter.
4.
There is an updater released on the Eclipse Marketplace called F2. This updater is capable of doing incremental deployments for the clients. It can even update only changed files within an archive (like a .jar) to minimize the data download for clients. There is a tutorial that explains how to integrate F2 in your project.
5.
Which changes do you want to roll back? If you mean after upgrading the client installations then F2 may also solve this. Please see the concept page for a detailed description of the F2 updater.
6.
A Scout application can be divided into several modules. There is also a tutorial with a small example of how a module can contribute content to a main application. Such modules can be used by several applications. So in your example the Admin app may be such a module.
7.
You can show/hide a lot of entities based on user permissions. Please see the mini-crm-tutorial for more details on how to deal with permissions.
To hide e.g. an outline for some users you can set the visible permission:
    @Override
    protected void execInitTree() throws ProcessingException {
      // The outline is visible only to users who hold MyAdminPermission.
      setVisiblePermission(new MyAdminPermission());
    }
Only users having the necessary permissions will see the Outline. Please see here to learn how to load all permissions for a user.
These permissions can be set for lots of elements (form fields, forms, outlines, pages, etc.) and modes (visible, enabled/disabled).
I hope this helps and covers the aspects you are missing. If you have any further questions or are missing any features, please don't hesitate to ask!
kind regards,
matthias