Vinagre is the default frontend remote desktop viewer in Ubuntu 10.10. Unforuntely it doesn’t seem to cope particularly well with multiple people remotely controlling the same desktop, it starts to lag to the point of being useless.

Why render the whole desktop only to transport the whole GUI across a network I hear you ask? Well typically I would ssh into a box and work on the command line, or alternatively tunnel x over ssh if I wanted to interact through some GUI for some reason, but in this case I specifically want everyone to be able to see my movements on the source screen, thats because in the corner of our office we have a large “lighthouse” screen,  showing a build radiator, the music playing etc.

After searching around I settled on remmina, it supports VNC, RDP and SSH, is released under the GNU licencse, is under active development, is in the Ubuntu repos AND its rapid! Ticks every box :)

Learning something new is often put off because of a high entry threshold, something along the lines of

“I might be faster doing it that way but I can’t afford to take the time to learn”.

Keyboard shortcuts often fall into this category, the whole “vim vs any other text editor” debate a great example. Even the smallest effort to reduce this entry threshold is worth it as it drastically increases the chances you stop “putting it off”.  Thats why I spent some time looking for a collection of default shortcuts for Monodevelop, a tool I spend a huge amount of time using but rarely took the time to look a shortcut up as I feel I’m “fast enough” already… I found a great collection put together by Martijn Dijksterhuis. Martijn has designed this to be printed off. I’m not always in the same place so I’ve taken the time to reproduce it in html here. No excuse now :)

Text Editor		Window
Delete to end of line	CTRL +K	Next Window	CTRL + PgDn
Goto matching brace	CTRL + B	Prev Window	CTRL + PgUp
Move Line Down	ALT + DOWN	Jump between splits	CTRL + L
Move Line Up	ALT + UP	XmlEditor
Scroll Line Down	CTRL + DOWN	Run XSLT	CTRL + ALT + T
Scroll Line Up	CTRL + UP	Debug
Show Completion Window	CTRL + SPACE	Enable/Disable Breakpoint	CTRL + F9
Show Parameter List	CTRL + SHIFT + SPACE	Expression Evaluator	SHIFT + F9
View		Pause	CTRL + BREAK
Breakpoints	CTRL + D|B	Step Into	F11
Browse Next	F4	Step Out	SHIFT + F11
Browse Previous	SHIFT + F4	Step Over	F10
Call Stack	CTRL + D|C	Toggle Breakpoin	F9
Classes	ALT + SHIFT + C	Edit
Document Outline	CTRL + R|U	Copy	CTRL + C
Error List	ALT + SHIFT + E	Cut	CTRL + X
Files	ALT + SHIFT + F	Indent Selection	CTRL + ALT + END
Help	CTRL + F1	Join Lines	CTRL + SHIFT + J
Locals	CTRL + D|L	Lower case selection	CTRL + SHIFT + L
Navigate back	ALT + LEFT	Paste	CTRL + V
Navigate forward	ALT + RIGHT	Redo	CTRL + SHIFT + Z
Normal Size	CTRL + 0	Rename	F2
Properties	ALT + SHIFT + P	Select All	CTRL + A
Solution	ALT + SHIFT + S	Toggle All Folds	CTRL + SHIFT + A
Task List	ALT + SHIFT + T	Toggle Fold	CTRL + SHIFT + M
Toolbox	ALT + SHIFT + B	Toggle Line Comment	CTRL + ALT + C
Watch	CTRL + D|W	Undo	CTRL + Z
Zoom In	CTRL + “+”	Unindent Selection	CTRL + ALT + HOME
Zoom Out	CTRL + “-”	Uppercase Selection	CTRL + SHIFT + U
File		Search
Close All	CTRL + SHIFT + W	Clear bookmarks	CTRL + M|C
Close File	CTRL + W	Find in Files	CTRL + SHIFT + F
Create File	CTRL + F	Find Next	CTRL + G
Open File	CTRL + O	Find Next Selection	CTRL + F3
Print Preview	CTRL + SHIFT + P	Find Previous	CTRL + SHIFT + G
Print	CTRL + P	Find Prev Selection	CTRL + SHIFT + F3
Quit	CTRL + Q	Find	CTRL + F
Save	CTRL + S	Goto File	ALT + SHIFT + O
Save As	CTRL + SHIFT + S	Goto Line	CTRL + I
New Solution	CTRL + SHIFT + N	Goto Type	CTRL + SHIFT + T
Project		Next bookmark	CTRL + M|N
Build	F7	Prev Bookmark	CTRL + M|P
Build Solution	F8	Replace in Files	CTRL + SHIFT + H
Debug	F5	Replace	CTRL + H
Rebuild	CTRL + F7	Toggle Bookmark	CTRL + M|T
Rebuild Solution	CTRL + F8	Documentation
Stop	SHIFT + F5	Code documentation	/// (triple dash)
		Auto Task List triggers	FIXME,TODO,HACK, UNDONE

Recently I decided to update one of our projects to target .NET 4.0, running on Mono (2.10 currently), as well as the latest version of the Castle project (MR – 2.1, Windsor – 2.5.2, AR 3.0), mainly as I wanted to play with the code contracts, amongst other things. One of the stumbling blocks was Binsor, I couldn’t find a build server to grab the latest version of Binsor anywhere…

So, I compiled the latest version of Binsor and its dependencies against .NET 4.0 and the latest versions of Boo and Castle. The whole experience was fairly time consuming. I had to make various changes to code beyond updating libs.

My company runs a mono build agent for the Castle project, we plan to add some of these Rhino projects to the agent in the near future so that we can closer track these projects compatilbility. When I get some time I’ll clean up my changes and push my forks to github, and add the projects to the agent. For now, if it can save someone else the time, you can download my dll here

http://maccork.com/public/Rhino.Commons.Binsor.dll

Oh, I also compiled the Castle Active Record Facility against .NET 4 aswell

http://maccork.com/public/Castle.Facilities.ActiveRecordIntegration.dll

Ubuntu is developed on a 6 month rolling release cycle so even if you’re running the latest alpha, 11.04, natty, you still only get mono 2.6.7. If you want to target .NET 4 or simply want to use the latest version of Mono, then you’ll need to compile mono from source. My colleague, firegrass, has written a lovely script which does all the heavy lifting for you, you can pull the latest version here

https://github.com/firegrass/mono-installer-script

The script will ensure the correct dependencies are installed, check everything out from source, build in the correct order and importantly install all this in a parallel environment so that you still have access to the repo version of mono for applications like banshee, f-spot etc. You can even ask the script to pause after each install to review the progress. Aswell as the latest version of Mono you will get the Monodevelop trunk which includes support for git amongst other nice features.

If you clone the repo  you can also keep up to date with bleeding edge changes, as the script is used inhouse almost daily to keep upto date with the latest from the Mono project. The script elegantly supports being rerun regularly to update your install. If a scenario is not covered pull requests and questions are more than welcome :)

This is the part 3 of a series of posts on Rhino Security, which is an enterprise security framework built on top of NHibernate, by Ayende Rahien. In part 2 I looked at how Rhino Security works. Here I’ll look at getting it up and running. Again I’ll be referencing back to points I made in previous parts so I’m assuming you’ve read and understood them.

First up lets get some binaries. You can download the latest build here.

If you interested compiling from source you can grab it here. For the Mono chaps, I’m afraid the the Rhino Security build scripts are psake, which is an automation tool for Powershell, a Windows command line shell . There is a cross platform implementation of Powershell out in the wild but with limited functionality, so moving forwards its either writing a nant build script or investigating the aforementioned PASH.

We also need to grab the Common Service Locator as Rhino Security depends on this. Previous versions of Rhino Security used to depend on Castle Windsor but it can now be used with any IOC container, as it now depends on the CSL which is essentially an interface for IOC containers, more on this in a moment.

Essentially we need to do 7 things before we can start using Rhino Security on our project:

1. Register several Rhino Security services on our container so that our application can use them.
2. Configure our IOC container so when Rhino Security requests something which implements an ISession, the session is returned to it.
3. Configure the CSL to point to Windsor.
4. Augment our NHibernate configuration data with some Rhino Security table information.
5. Add some security keys on our entities.
6. Implement IUser on our user entity.
7. Add an entity information extractor so that Rhino Security understands our domain sufficiently.

Now to my specific setup, I’m using Castle Windsor as my IOC container, binsor to configure it, and the Castle NHibernate Facility. Rhino Security used to come with a facility you could simply reference in your config but now that it no longer depends on Windsor we need to write a custom facility (or extension point depending on your choice of container/preferred language)  to achieve our first 2 objectives. Using Windsor, my facillity looks like this

public class RhinoSecurityFacility : AbstractFacility
{
	protected override void Init ()
	{
		Kernel.Register (Component.For<IAuthorizationService> ()
			.ImplementedBy<AuthorizationService> ()
			.LifeStyle.PerWebRequest, 
			Component.For<IAuthorizationRepository> ()
			.ImplementedBy<AuthorizationRepository> ()
			.LifeStyle.PerWebRequest, 
			Component.For<IPermissionsBuilderService> ()
			.ImplementedBy<PermissionsBuilderService> ()
			.LifeStyle.PerWebRequest, 
			Component.For<IPermissionsService> ()
			.ImplementedBy<PermissionsService> ()
			.LifeStyle.PerWebRequest);

		Kernel.Resolver.AddSubResolver (new SessionResolver ());
	}
}

I start by registering Rhino Security services on the container. These services are transient to ensure that any call to that service grabs the current session. I then add a Session Resolver. There are several ways of configuring the session, you can use a factory method or make use of an ISubDependencyResolver, which is the method I have chose. The main reason for this is that the factory method implements IDisposable and can lead to memory leaks, though there are workarounds for this. Also this method would allow you to use multiple dbs, which you couldn’t achieve with the factory method.

Here is my Session Resolver

using Castle.Core;
using Castle.Facilities.NHibernateIntegration;
using Castle.MicroKernel;
using NHibernate;

	public class SessionResolver : ISubDependencyResolver
	{
		IKernel Kernel { get; set; }

		public object Resolve (CreationContext context, 
			ISubDependencyResolver contextHandlerResolver, 
			ComponentModel model, 
			DependencyModel dependency)
		{
			return Kernel.Resolve<ISessionManager> ().OpenSession ();
		}

		public bool CanResolve (CreationContext context,
			ISubDependencyResolver contextHandlerResolver,
			ComponentModel model,
			DependencyModel dependency)
		{
			return typeof(ISession).IsAssignableFrom (dependency.TargetType);
		}
	}

You notice that I am resolving the ISessionManager, this is something the NH facility provides me which manages the session. Essentially in here you need whatever manages your Unit of Work to return the current session.

Ok, first 2 down. Now step 3. I need to add a Windsor adaptor for the CSL, again written by Ayende Rahien

using System;
using System.Collections.Generic;
using Castle.Windsor;
using Microsoft.Practices.ServiceLocation;

public class WindsorServiceLocator : ServiceLocatorImplBase
{
	private readonly IWindsorContainer container;

	public WindsorServiceLocator (IWindsorContainer container)
	{
		this.container = container;
	}

	protected override object DoGetInstance (Type serviceType, string key)
	{
		if (key != null)
			return container.Resolve (key, serviceType);
		return container.Resolve (serviceType);
	}

	protected override IEnumerable<object> DoGetAllInstances (Type serviceType)
	{
		return (object[])container.ResolveAll (serviceType);
	}
}

And now to tell the Service Locator to use Windsor, I add this line where I have access to my container, as I’m dealing with a web app I add it in my Application_OnStart()

ServiceLocator.SetLocatorProvider (() => new WindsorServiceLocator (_container));

Step 4 can be achieved by a static method Rhino Security makes available to us.

Security.Configure<Person> (configuration, SecurityTableStructure.Prefix);

The Castle NHibernate facility allows you to modify the NHibernate configuration as its being constructed. Within my binsor NHibernate facility configuration I make a call to my specific configuration builder class, this implements IConfigurationBuilder, an interface provided by the Castle NHibernate facility. The method GetConfiguration accepts my facility configuration which I can then augment using the method above and then return. You can read more about how the facility works here. If your not using the Castle NHibernate Facility, at the point your Unit of Work code registers the ISessionFactory on the container you’ll want to augment your NHibernate config using the above code.

Step 5 and 6 are more time consuming than anything else, simply implement the IUser interface on your user entity and add a GUID security key on EVERY entity :)

Step 7, requires the addition of an entity information extractor, this is a class Rhino uses to understand the parts of our domain it needs to. Firstly Rhino Security needs to understand which property of your entity holds the SecurityKey. Secondly it needs to understand how to look up entities based on the key and return some meaningful information about it.

You can either write one for each entity or write a generic one, heres my generic one

public class EntityInformationExtractor<TEntity> : IEntityInformationExtractor<TEntity>
		where TEntity : Entity
	{
		private ISessionManager sessionManager;
		public EntityInformationExtractor (ISessionManager SessionManager)
		{
			sessionManager = SessionManager;
		}

		public Guid GetSecurityKeyFor (TEntity entity)
		{
			return entity.SecurityKey;
		}

		public string SecurityKeyPropertyName {
			get { return "SecurityKey"; }
		}
		
		public string GetDescription (Guid SecurityKey)
		{
			TEntity entity;
			var criteria = DetachedCriteria.For<TEntity> ().Add (Expression.Eq (SecurityKeyPropertyName(), SecurityKey));
			using (ISession session = sessionManager.OpenSession ()) {
				entity = criteria.GetExecutableCriteria (session).UniqueResult<TEntity> ();
			}
			return string.Format ("Event: {0}", entity.Name);
		}
	}

Method 1 and 2 deal with accessing the property which contains the Security Key, firstly when Rhino Security has the entity and secondly when it doesn’t. Method 3 reports on the entity in question. I just choose to return the entities name. I can do this generically as I have made my entire domain inherit from a class called entity which has the properties Id, Name and SecurityKey, hence why TEntity : Entity in this class.

Thats it. Configure your facility/extension on your container, add some Rhino Security tables in your database and you should be ready to start writing code!

I realise this may not all immediately make sense but it is worth having a good grounding on the principles of Rhino Security, before writing code.

Next post

Part 4: Using Rhino Security

In part 1 I looked at why we might choose to use Rhino Security, which is an enterprise security framework built on top of NHibernate, built by Ayende Rahien. Here I’ll look firstly at how Rhino Security integrates with your application and then how it works. I’ll be referencing back to points I made in part 1 so I’m assuming you’ve read and understood it.

Given that we want our security framework to actually augment queries for us then any solution is going to need to have some knowledge of the domain. Specifically it needs to be able to identify entities uniquely and retrieve some information about our user. The former so that it can differentiate entities based on some criteria and thus narrow our query and the latter so that it can tell us which user is being denied or allowed something. Rhino Security achieves these through an entity security key, a Guid place on every entity, and an IUser interface. A clean simple relationship allowing for any domain.

For complete freedom our security framework needs to allow us to define operations in any way we want. Equally the permission to perform that operation needs to be able to be attached to any user, and therefore group of users, aswell as being restricted to being performed on only a particular set of entities, be that just one, or a group. These concepts map very clearly to the domain objects in Rhino Security. An operation, whose description is a string, and can therefore be anything, has permissions on it which relate to users/user groups and can be related to entity/entity groups. Its that simple.

Next post

Part 3 : Setup/Configuration

For many, security can be an afterthought. When it comes to designing a project, emphasis tends to placed on a what a project will do rather than in what circumstances it can do it. Often is can be difficult to deal with when later.

You cannot avoid the fact that security is a cross app concern, all the way from deciding how the UI should be displayed to how data can be queried/persisted. How best to approach this then?

Unfortunately the common approach is to start to split functionality, so, only a particular group can do “this”, lets call them something that vaguely indicates who should access this functionality, say”admins”, and mark those users in some persistent way, giving them a role. We then begin to query this ending up with all sorts of checks across our entire application, typically saying if a user has a particular role, they can do “this”.

To decide on a best approach we need to first recognise our problems.

In the scenario described, the first major problem is that our control is in no way inverted. We cannot ask a central service, given a user can they do/see this? We can only say do they have this role. If we decide to change our roles… argh! Even if we just add roles, we need more checks, lots of code to add again. If instead of checking a role, we could actually pass a description of what was happening to a central service, call it an operation say, something that is inherent to that part of the code or UI, that defines whats actually happening, we could make wholesale changes to who could do what and that code would remain unaffected. All that method would care about about is passing an operation, whats actually happening then, and then getting an answer back, yes or no.

The second major problem is that our roles will eventually become inherently linked to data. Not only do we need to stop people doing “this”, in any complex application we need to stop them doing this under particular circumstances, or even stop them seeing something. This will be typically related to data and means we will want to augment queries based on these restrictions. In our role scenario we essentially have operations, and query information baked together as one. Unless we separate them somehow we’re going to end up with LOTS of roles. Ideally we need to be able to to ask our central service, can this user do this and get back, yes but only with this data.

These problems only increase when we want to start letting our clients define/configure permissions themselves…

BUT what if we could write something like?

public bool IsAllowed(Operation, User, Entity);

Enter Rhino Security. It is an enterprise security framework that integrates with NHibernate, built by Ayende Rahien. It attempts to solve these problems by making, among others, 3 key distinctions:

• Security is about operations.
• Simplicity/flexibility is key, the burden is on the infrastructure, after all data is cheap.
• Permissions should do the work of enhancing queries for you.

Sounds good? I know.

Next post

Part 2 – How does it work?