[jboss-dev-forums] [Design of JBoss Portal] - missing groups for role assignments

[bvogt]

Hi,

I got the impression, that the portal is missing an interesting portal 
feature: adding portal functionality to groups of users.

I've thought a while about this, looked at the svn-sources and believe it's not
contained within the v2.6 LDAP solution.

Therefore I would like to provide this functionality based on the 2.4 branch, 
but need some information about the v2.6 LDAP solution design in order to take 
it into consideration for my improvements.

Some background information, currently we have:

1. Portal-users and -groups are stored in an LDAP tree, which is asynchronously 
   changed by an entitlement system
2. Portal functionality (pages) are assigned to (LDAP-)groups
3. Users get all portal roles of all groups they are member of

This leads to an automatic entitlement for portal users with no effort at the 
portal side.

My solution could be:

1. Users and roles are still stored in the database
2. Introducing new DB objects: jbp_groups, jbp_group_membership, jbp_group_roles
3. Introducing a new RoleModule derived from the existing one, which provides a
   method like: Set getRolesByGroupMembership(User user);
4. Introducing a new LoginModule which uses the new RoleModule to do after 
   successful login:
   - Remove all roles assigned to the user
   - add all roles assigned to groups where the user is member of to the user
   
Would this be useful considering the portal design, or not?

Burkhard

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3975604#3975604

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3975604