guanxi moving to spring
Thu, Jul 26, 2007
With so many SAML2 profiles coming along I thought it was time I futureproofed Guanxi by moving to Spring. This should allow me to add new profiles more easily than the current standard servlet architecture. I hadn’t used Spring much when I started Guanxi but as I have loads more experience of it, I think it’s time to make the move. I’ve been looking at AOP in Sakai as part of the Guanxi integration, to hook logout calls from the VLE, to passively logout of the Guanxi IdP that is embedded in Sakai. So the move to Spring will harmonise all this work under the same framework.
The Spring move also ties in with the direction in which I’d like to take Guanxi. To make it an enterprise SAML based access solution. With the core Engine being in Java this simplifies satellite Guard development. I’ve already implemented a PHP Guard and Prof. Aggie Booth at Leeds has implemented a Python Guard. Interestingly, Aggie is also in the middle of porting the Engine to Python too.
As part of the redesign, which is mostly cosmetic as almost all the code can be used with little or no modification, I’ve defined a new org.guanxi.sp.guard.gateway package that will hold Java implementations of application gatekeepers. These are basically the rule engines for web applications. A Guanxi Guard only delivers attributes in a Pod, it doesn’t make any decisions on access to the application it’s guarding. In the new framework, that’s the job of an application gatekeeper.
I’ve implemented a Spring specific gatekeeper, org.guanxi.sp.guard.gateway.spring.Gatekeeper, which takes the Pod and applies access rules based on its attributes and their values. All the rules are injected via the application context config file for the bean, which is implemented as a Spring HandlerInterceptorAdapter.
The idea is that the Guanxi Guard sits at the root of an application, thus delivering a Pod to the application’s context and the Gatekeeper takes it from there.
I’ve also implemented a PHP Gatekeeper for Elgg, which works in exactly the same way as the Java Spring Gatekeeper. It takes the Pod from the PHP Guard and makes an access decision based on the attributes and values it finds in the Pod.
The Spring implementation of Guanxi should be ready by January next year.