Lithium Access Control

Question

I need to control who or what role gets access to what page or what method. Something like the class and method anotations on ASP MVC or Spring JAVA.

How can I do this in lithium?

Mehdi Lahmam B. · Accepted Answer · 2012-01-06T03:26:10.527

2

There is no built-in complete ACL functionality on Lihtium's core, beauce there is no really solution to ACLs problem.

Hopefully, Lithium is kick-ass when it comes to deal with external libraries and plugin to extend the core functionality.

Take a look to li3_access which is the most complete and flexible plugin or ACL out there, or simpler solutions.

If your only need is to specify which actions are public and which not, you can dot it using Lithium filters: Read the guide

PS: Zed Shaw - The ACL is Dead http://vimeo.com/2723800

edited Jan 06 '12 at 03:26

answered Jan 05 '12 at 23:12

Mehdi Lahmam B.

1

For something very simple, just start with `Auth`: http://dev.lithify.me/drafts/source/en/06_auth/simple-authentication.wiki – greut Jan 06 '12 at 09:20
Planning to update li3_simple_acl in the next couple weeks. I also got feedback from Jim Manico, a security expert from OWASP. He is writing a cheatsheet for ACL in the first quarter of this year. Some ACL considerations that prompted me to write my own: https://lists.owasp.org/pipermail/owasp-esapi/2008-July/000256.html "WE need to get away from the horror of referencing roles directly in code." – joedevon Jan 06 '12 at 17:12

1 Answers1