[mophor]

Any plans to implement an authentication/authorization annotation?

If not, I hereby would like to share some thoughts

- authentication should be stateless (cookie based)
- authentication should be checked against a model
- this (user) model should require at least a username and password property (or properties annotated as username and password?)
- should authorization be based on user levels / user roles / other mechanisms?
- should authentication be on controller class level or controller method level? or both?

any thoughts?

[beline]

I am working on one currently:
- the annotation will work on either the controller or method level
- will be permission based (with roles having permissions)
- will be stateless (cookie) with the username and hash as the identifiers
- authentication will be checked against the user model
- subsequent requests against a sessions model, with datetime opened, and last active (supporting timeout)
- roles can be managed
- users require an email and an activation hash
- actions (anything requiring clearance) can be logged, or just particular items of clearance

And a few other things. I can port it to Git at some point and make it a community project if people would like... Not within the next week or so though.

[mophor]

That would be great, can you give a little insight in your progress?

[beline]

Well, so I currently fail at getting Git to work on my Mac. I followed the tutorial on the Git website, but something went bunk and now I can't get anywhere.

Progress is slow, I've got a metric ton of school work atm. The basic implementation shouldn't take but a day. Right now I am developing what my needs are and doing basic unit testing of code, seeing if various things I want to do are possible... Grrrr. PM me.