I have a situation in which it would be convenient to be able to define
pseudo roles in my application. By this I mean a role that exists only in
the Acegi Security configuration and not in the back-end datastore. A
pseudo role would be defined based on existing real roles.
Say the following roles are explicitly defined in the datastore behind a
DAO provider:
ROLE_A
ROLE_B
ROLE_C
ROLE_D
ROLE_E
I would like to be able to define a role within Acegi Security that
aggregates multiple roles into one. For example:
ROLE_X=ROLE_A,ROLE_B,ROLE_C
ROLE_Y=ROLE_D,ROLE_E
Where ROLE_X means any of the roles on the right hand side. In other words,
ROLE_X is equivalent to ROLE_A, ROLE_B or ROLE_C. In my application I only
care about whether the user has ROLE_X or ROLE_Y.
I understand that this can be accomplished a few different ways in Acegi
Security. I am looking for suggestions as to what might be the best
approach. Here are a couple possibilities I can think of.
1. Implement an AuthenticationProvider that wraps other providers and
adds pseudo roles based on its configuration.
2. Implement a custom RoleVoter that knows about role equivalence.
I lean toward the first option. Is there already something out there that
does what I need? Is there a better way than what I have suggested above?
Thanks,
Matt DeHoust
Dollar Tree Stores, Inc.
757.321.5668
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
