a19b8e1d16428cd6f369f526efc214ed200fbf05
Home.md
| ... | ... | @@ -19,9 +19,27 @@ SAP is at the center of today’s technology revolution, developing innovations |
| 19 | 19 | * [[General Project Information|wiki/info/general/general-information]] |
| 20 | 20 | * [[Project History|wiki/info/general/project-history]] |
| 21 | 21 | |
| 22 | -### Landscape |
|
| 22 | +### Development |
|
| 23 | 23 | |
| 24 | -* Architecture and Infrastructure |
|
| 24 | +* [[Development Environment|wiki/info/landscape/development-environment]] |
|
| 25 | +* [[Typical Development Scenarios|wiki/info/landscape/typical-development-scenarios]] |
|
| 26 | +* [[Building and Deploying|wiki/info/landscape/building-and-deploying]] |
|
| 27 | +* [[Continuous Integration with Hudson/Jenkins|wiki/howto/development/ci]] |
|
| 28 | +* [[Dispatch|wiki/howto/development/dispatch]] |
|
| 29 | +* [[Working with GWT UI Binder|wiki/howto/development/gwt-ui-binder]] |
|
| 30 | +* [[Java De(Serialization) and Circular Dependencies|wiki/howto/development/java-de-serialization-and-circular-dependencies]] |
|
| 31 | +* [[Create boat graphics for the 2D race viewer|wiki/howto/development/boatgraphicssvg]] |
|
| 32 | +* [[JMX Support|wiki/howto/development/jmx]] |
|
| 33 | +* [[Working with GWT Locally|wiki/howto/development/local-gwt]] |
|
| 34 | +* [[UI Tests with Selenium|wiki/howto/development/selenium-ui-tests]] |
|
| 35 | +* [[Profiling|wiki/howto/development/profiling]] |
|
| 36 | +* [[Working with GWT Super Dev Mode|wiki/howto/development/super-dev-mode]] |
|
| 37 | +* [[Training of internal Wind Estimation models|wiki/howto/windestimation]] |
|
| 38 | +* [[Whitelabelling|wiki/howto/whitelabelling]] |
|
| 39 | +* [[Secured Settings|wiki/howto/development/secured-settings]] |
|
| 40 | +* [[Webdesign|wiki/info/landscape/webdesign]] |
|
| 41 | + |
|
| 42 | +### Architecture and Infrastructure |
|
| 25 | 43 | * [[Workspace, Bundles, Projects|wiki/info/general/workspace-bundles-projects-structure]] |
| 26 | 44 | * [[Runtime Environment|wiki/info/landscape/runtime-environment]] |
| 27 | 45 | * [[Basic architectual principles|wiki/info/landscape/basic-architectural-principles]] |
| ... | ... | @@ -32,8 +50,11 @@ SAP is at the center of today’s technology revolution, developing innovations |
| 32 | 50 | * [[Internationalization (i18n)|wiki/howto/development/i18n]] |
| 33 | 51 | * [[AI Agent|wiki/info/landscape/ai-agent]] |
| 34 | 52 | * [[Malware Scanning|wiki/info/landscape/malware-scanning]] |
| 35 | -* [[RaceLog Tracking Server Architecture|wiki/info/landscape/server]] |
|
| 53 | + * [[RaceLog Tracking Server Architecture|wiki/info/landscape/server]] |
|
| 36 | 54 | * Environment Overview [[PDF|wiki/info/mobile/event-tracking/architecture.pdf]] | [[SVG|wiki/info/mobile/event-tracking/architecture.svg]] |
| 55 | + |
|
| 56 | +### Landscape |
|
| 57 | + |
|
| 37 | 58 | * Amazon |
| 38 | 59 | * [[Amazon EC2|wiki/info/landscape/amazon-ec2]] |
| 39 | 60 | * [[Upgrading ARCHIVE server|wiki/info/landscape/archive-server-upgrade]] |
| ... | ... | @@ -51,28 +72,9 @@ SAP is at the center of today’s technology revolution, developing innovations |
| 51 | 72 | * [[Downloading and Archiving TracTrac Events|wiki/howto/downloading-and-archiving-tractrac-events]] |
| 52 | 73 | * [[Data Mining Architecture|wiki/info/landscape/data-mining-architecture]] |
| 53 | 74 | * [[Typical Data Mining Scenarios|wiki/info/landscape/typical-data-mining-scenarios]] |
| 54 | -* [[Webdesign|wiki/info/landscape/webdesign]] |
|
| 55 | 75 | * [[sail-insight.com website|wiki/info/landscape/sail-insight.com-website]] |
| 56 | 76 | * [[Docker Registry|wiki/info/landscape/docker-registry]] |
| 57 | 77 | |
| 58 | -### Development |
|
| 59 | - |
|
| 60 | -* [[Typical Development Scenarios|wiki/info/landscape/typical-development-scenarios]] |
|
| 61 | -* [[Building and Deploying|wiki/info/landscape/building-and-deploying]] |
|
| 62 | -* [[Create boat graphics for the 2D race viewer|wiki/howto/development/boatgraphicssvg]] |
|
| 63 | -* [[Continuous Integration with Hudson/Jenkins|wiki/howto/development/ci]] |
|
| 64 | -* [[Dispatch|wiki/howto/development/dispatch]] |
|
| 65 | -* [[Working with GWT UI Binder|wiki/howto/development/gwt-ui-binder]] |
|
| 66 | -* [[Java De(Serialization) and Circular Dependencies|wiki/howto/development/java-de-serialization-and-circular-dependencies]] |
|
| 67 | -* [[JMX Support|wiki/howto/development/jmx]] |
|
| 68 | -* [[Working with GWT Locally|wiki/howto/development/local-gwt]] |
|
| 69 | -* [[UI Tests with Selenium|wiki/howto/development/selenium-ui-tests]] |
|
| 70 | -* [[Profiling|wiki/howto/development/profiling]] |
|
| 71 | -* [[Working with GWT Super Dev Mode|wiki/howto/development/super-dev-mode]] |
|
| 72 | -* [[Training of internal Wind Estimation models|wiki/howto/windestimation]] |
|
| 73 | -* [[Whitelabelling|wiki/howto/whitelabelling]] |
|
| 74 | -* [[Secured Settings|wiki/howto/development/secured-settings]] |
|
| 75 | - |
|
| 76 | 78 | ### Mobile |
| 77 | 79 | |
| 78 | 80 | * [[Mobile Development|wiki/info/mobile/mobile-development]] |
wiki/info/landscape/development-environment.md
| ... | ... | @@ -20,7 +20,7 @@ Everything else should follow the pattern |
| 20 | 20 | - when build is "green," suggest your branch for review; so far we do this informally by assigning the Bugzilla issue to the reviewer and in a comment asking for review; in the future, we may want to use Github Pull Requests for this |
| 21 | 21 | - after your branch has been merged into ``main``, disable your Hudson build job for your branch |
| 22 | 22 | - the ``main`` branch will then build a new release that you can roll out into the production landscape |
| 23 | -- in case of changes to i18n-related message properties files, merge ``main`` into ``translation`` which triggers the translation process; the completed translations will arrive as pushes to the ``translations`` branch, triggering another ``release`` workflow, and---if successful---an automated merge into ``main`` with the corresponding build/release process again |
|
| 23 | +- in case of changes to i18n-related message properties files, merge ``main`` into ``translation`` which triggers the translation process; the completed translations will arrive as pushes to the ``translations`` branch, triggering another ``release`` workflow, and---if successful---an automated merge into ``main`` with the corresponding build/release process happens, based on the [translation Hudson job](https://hudson.sapsailing.com/job/translation/configure)'s special logic |
|
| 24 | 24 | - a successful ``main`` build (still on Java 8) will lead to an automatic merge into one or more branches for newer Java releases (such as ``docker-24``) with the corresponding build/release process |
| 25 | 25 | |
| 26 | 26 | Be eager to equip your features and functions with tests. There should be enough examples to learn from. For UI testing, use Selenium (see the ``java/com.sap.sailing.selenium.test`` project). |
wiki/info/landscape/usermanagement.md
| ... | ... | @@ -2,7 +2,7 @@ |
| 2 | 2 | |
| 3 | 3 | This document describes the basics of how the Shiro framework has been selected and is being used to implement role-based access control. See [Permission Concept](/wiki/info/security/permission-concept) to understand how, based on Shiro, a security architecture with user groups, users, qualified roles, ownerships and access control lists works. |
| 4 | 4 | |
| 5 | -As a feature of the Sports Sponsorships Engine (SSE) which underlies the SAP Sailing Analytics, our Tennis engagements, parts of the Equestrian contributions and in the future perhaps more, we are about to introduce user management to the platform. Based on [Benjamin Ebling's Bachelor thesis](/doc/theses/20140915_Ebling_Authentication_and_Authorization_for_SAP_Sailing_Analytics.pdf) we are introducing [Apache Shiro](http://shiro.apache.org) to the platform. Our Bugzilla has a separate [component for User and Account Management](http://bugzilla.sapsailing.com/bugzilla/buglist.cgi?query_format=advanced&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&component=User%20and%20Account%20Management&product=Sailing%20Race%20Analytics) that documents the open issues. |
|
| 5 | +As a feature of the Sports Sponsorships Engine (SSE) which underlies the Sailing Analytics, our Tennis engagements, parts of the Equestrian contributions and in the future perhaps more, we are about to introduce user management to the platform. Based on [Benjamin Ebling's Bachelor thesis](/doc/theses/20140915_Ebling_Authentication_and_Authorization_for_SAP_Sailing_Analytics.pdf) we are introducing [Apache Shiro](http://shiro.apache.org) to the platform. Our Bugzilla has a separate [component for User and Account Management](http://bugzilla.sapsailing.com/bugzilla/buglist.cgi?query_format=advanced&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&component=User%20and%20Account%20Management&product=Sailing%20Race%20Analytics) that documents the open issues. |
|
| 6 | 6 | |
| 7 | 7 | [[_TOC_]] |
| 8 | 8 | |
| ... | ... | @@ -133,6 +133,12 @@ The `LoginPanel` component may be used by applications to display sign-up/sign-i |
| 133 | 133 | |
| 134 | 134 | We plan to turn the `UserManagementPanel` which is the widget behind the `UserManagementEntryPoint` into a drop-in component for a generalized administration console concept. So, when the AdminConsole becomes an SSE concept then the user management tab can be made available to all applications using the AdminConsole concept. See also bugs [2424](http://bugzilla.sapsailing.com/bugzilla/show_bug.cgi?id=2424) and [2425](http://bugzilla.sapsailing.com/bugzilla/show_bug.cgi?id=2425). |
| 135 | 135 | |
| 136 | +## Authorization Checks |
|
| 137 | + |
|
| 138 | +We generally check authorizations in our GWT RPC service implementations, and in our REST API service implementations. As a common pattern, both these types of service implementations will start with performing the necessary authorization check, and only then obtain an underlying OSGi service, such as ``RacingEventService`` for sailing-related things, or ``SecurityService`` for security, user, role and permission management, and invoke the actual "business logic." This keeps our business logic mostly free of authorization checks. |
|
| 139 | + |
|
| 140 | +This also means that filtering responses based on the permissions happens not in the business logic but at the "API level," so in the GWT RPC service method implementation or the REST API servlet method implementation. |
|
| 141 | + |
|
| 136 | 142 | ## Sample Session |
| 137 | 143 | |
| 138 | 144 | When you try to reach a protected resource without having the necessary permissions, Shiro will redirect you to the sign-in page. |