[jboss-dev-forums] [Design of JBoss jBPM] - Re: commands & EJB 3

tom.baeyens@jboss.com do-not-reply at jboss.com
Fri Feb 9 03:02:24 EST 2007 

"camunda" wrote : Hi Tom,
  | 
  | okay, the idea sounds nice. As a Java-EE guy JACC is new to me, but no problem :-)
  | 
don't try to read the spec.  it's really unreadable.  if you give me some time and push me with your questions, i should be able to handle the JACC stuff.  

"camunda" wrote : 
  | Okay, I found the AuthorizationService (-Interface).  I haven't found any good informations on the "EJBRoleRefPermission", not even with Google! But okay, to get it working with JAAS should not be a big deal. I will try that and come back, if there are any problems.
  | 

"camunda" wrote : 
  | 
  | One problem I just want to pass to you Tom: Can you add the AuthorizationService to the jbpmContext? Or shall I try to do that by myself?
  | 

fetch it from the thread local.  JbpmContext.getCurrentContext() or something like that.  See how the other services get the jbpmContext.  I know there are a few services that do that (not all, though).  

"camunda" wrote : 
  | And one problem remains: How we do the mapping between commands and roles? Going by Command-Name is not the best idea, I think. 2 other ideas:
  | - introduce a mapping-file (CommandName, required-roles)
  | - add the method to the CommandInterface as suggested
  | 

mapping between commands and roles will be hard coded (or later maybe in a configuration file) in the AuthorizationService implementation.

"camunda" wrote : 
  | 
  | The first one is maybe more flexible, but to have everything in java more handy. And special solutions (like "this guy is only allowed for processes of that organizational unit") has to be implemented by hand anyway. So I would prefer the second way, but what do you prefer for that?
  | 

adding a method in the command interface is not good.  it should be in self contained in the Authorization service.  But in there, you have the option of using a configuration file or hard coded approach.  i would suggest to start with the hard coded approach.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4013487#4013487

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4013487

More information about the jboss-dev-forums mailing list