[jboss-user] [Security & JAAS/JBoss] - Session Beans with its own personal roles

dav_ua do-not-reply at jboss.com
Sun May 20 10:13:49 EDT 2007

How to assign own set of user roles for different Session Bean?s?

Here is business logic: we have users, gaining rights for calling Session Bean?s methods
depends on accessory to the group; group contains records in such form:
name of the Session-Bean -> list of roles available for the given bean;
roles define CRUD operations.


               void newClass(String name) { ... }

    List getAll() { ... }

               void remove(Long id) { ... }

            class SessionBeanB

                List getList() { ... }

                void changeUser(User u) { ... }


and groups with these roles for calling methods:

    SessionBeanA ?> { CREATE, READ }
    SessionBeanB ?> { UPDATE }

    SessionBeanA ?> { READ, DELETE }
    SessionBeanB ?> { READ, UPDATE }

Suppose that,
user User1 consisted in GroupFirst
user User2 consisted in GroupSecond,
then the table of available operations has view:

UserSessionBeanAvailable methodsUser1SessionBeanAnewClass()getAll() SessionBeanBchangeUser()

With such organization occurs necessity to define capacity of calling methods in different
Session Beans and user must have different rights for each of the Session-Bean.

Please, give an advice: how it all can be organized or, at least, in what
direction I should work?

(Maybe, dynamical change (on the fly) of user?s roles when we calling one
or another SessionBean will be right decision?
If yes, in which way I should go?)

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047058#4047058

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4047058

More information about the jboss-user mailing list