[jboss-user] [Security & JAAS/JBoss] - Session Beans with its own personal roles
dav_ua
do-not-reply at jboss.com
Sun May 20 10:13:49 EDT 2007
How can I assign a separate set of user roles for different Session Beans?
Here is the business logic: we have users who gain rights to call a Session Bean's methods
depending on their membership in a group; a group contains records in this form:
name of the Session Bean -> list of roles available for the given bean;
roles define CRUD operations.
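CODE:
import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

// Each business method is guarded by the CRUD role it requires.
@Stateless
class SessionBeanA
{
    @RolesAllowed("CREATE")
    void newClass(String name) { ... }
    @RolesAllowed("READ")
    List getAll() { ... }
    @RolesAllowed("DELETE")
    void remove(Long id) { ... }
}

@Stateless
class SessionBeanB
{
    @RolesAllowed("READ")
    List getList() { ... }
    @RolesAllowed("UPDATE")
    void changeUser(User u) { ... }
}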
and groups with these roles for calling methods:
GroupFirst
    SessionBeanA -> { CREATE, READ }
    SessionBeanB -> { UPDATE }
GroupSecond
    SessionBeanA -> { READ, DELETE }
    SessionBeanB -> { READ, UPDATE }
Suppose that
user User1 belongs to GroupFirst
and
user User2 belongs to GroupSecond;
then the table of available operations looks like this:
User    SessionBean     Available methods
User1   SessionBeanA    newClass(), getAll()
        SessionBeanB    changeUser()
User2   SessionBeanA    getAll(), remove()
        SessionBeanA    getList(), changeUser()
With such an organization, there is a need to define which methods can be called in the different
Session Beans, and a user must have different rights for each Session Bean.
Please give me some advice: how can all this be organized or, at least, in what
direction should I work?
(Maybe a dynamic change (on the fly) of the user's roles when calling one
or another Session Bean would be the right decision?
If yes, which way should I go?)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047058#4047058
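The per-bean role model described in the post, as an added example that is not part of the original post or of JBoss: it resolves group -> bean -> roles against each method's required role and denies by default. The Requires annotation is a hypothetical stand-in for @RolesAllowed so the file compiles on a plain JDK (9 or later), and the PerBeanRoles and mayCall names are assumptions.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class PerBeanRoles {
    // Hypothetical stand-in for @RolesAllowed so this compiles without a Java EE jar.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Requires { String value(); }

    static class SessionBeanA {
        @Requires("CREATE") public void newClass(String name) {}
        @Requires("READ")   public List<String> getAll() { return List.of(); }
        @Requires("DELETE") public void remove(Long id) {}
    }
    static class SessionBeanB {
        @Requires("READ")   public List<String> getList() { return List.of(); }
        @Requires("UPDATE") public void changeUser(String user) {}
    }
    // group -> bean -> granted roles, as listed in the post
    static final Map<String, Map<String, Set<String>>> GROUPS = Map.of(
        "GroupFirst",  Map.of("SessionBeanA", Set.of("CREATE", "READ"),
                              "SessionBeanB", Set.of("UPDATE")),
        "GroupSecond", Map.of("SessionBeanA", Set.of("READ", "DELETE"),
                              "SessionBeanB", Set.of("READ", "UPDATE")));
    static final Map<String, String> USER_GROUP = Map.of("User1", "GroupFirst", "User2", "GroupSecond");

    // Deny by default: unknown user, bean without grants, or un-annotated method.
    static boolean mayCall(String user, Class<?> bean, String methodName) {
        String group = USER_GROUP.get(user);
        if (group == null) return false;
        Set<String> granted = GROUPS.get(group).getOrDefault(bean.getSimpleName(), Set.of());
        for (Method m : bean.getDeclaredMethods()) {
            if (!m.getName().equals(methodName)) continue;
            Requires r = m.getAnnotation(Requires.class);
            return r != null && granted.contains(r.value());
        }
        return false;
    }

    // Prints the table of callable methods per user and bean.
    public static void main(String[] args) {
        for (String user : new TreeSet<>(USER_GROUP.keySet()))
            for (Class<?> bean : List.of(SessionBeanA.class, SessionBeanB.class)) {
                List<String> ok = new ArrayList<>();
                for (Method m : bean.getDeclaredMethods())
                    if (mayCall(user, bean, m.getName())) ok.add(m.getName() + "()");
                Collections.sort(ok);
                System.out.println(user + "  " + bean.getSimpleName() + "  " + ok);
            }
    }
}
```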