One of the missing pieces from the current discussion on the
Authorization API is the identity model. At present we have a very
simplistic User class; however, we still need to add support for Group
and Role. My recommendation for this is to base it roughly on the
design of the PicketLink API, which has a base interface called
IdentityType:

    public interface IdentityType
    {
        String getKey();
    }

The getKey() method returns a unique identifier for the User, Group or
Role. The User, Group and Role interfaces then extend IdentityType:

    public interface User extends IdentityType
    {
        String getId();
    }

getId() returns the username, the same as it currently does.

    public interface Group extends IdentityType
    {
        String getName();
    }

getName() returns the name of the group.

    public interface Role extends IdentityType
    {
        Group getGroup();
        String getRoleName();
    }

getGroup() returns the role's group.
getRoleName() returns the name of the role.
So, to extend on my e-mail of yesterday about Permission Management, the
Permission class (which I did not describe at the time) would look like
this:
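
    public class Permission
    {
        // Backing fields so the getters below compile
        private IdentityType recipient;
        private Object resource;
        public String operation;

        public IdentityType getRecipient() { return recipient; }
        public Object getResource() { return resource; }
    }
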
The recipient, being of type IdentityType, would then allow permissions
to be granted to either a User, a Group or a Role.
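
An added example, not part of the original e-mail or of the project's code: a deny-by-default check that matches grants by getKey() against a user and the groups and roles the user holds. The records standing in for the interfaces, the "user:"/"group:"/"role:" key prefixes, isPermitted() and the sample data are all assumptions (Java 16+); the prefixes show why keys must be unique across identity types, otherwise a user named "admin" would match grants made to a group or role of the same name.

```java
import java.util.*;

public class PermissionCheckExample {
    interface IdentityType { String getKey(); }

    // Assumed key scheme: a type prefix keeps user "admin" and group "admin" distinct.
    record User(String id) implements IdentityType {
        public String getKey() { return "user:" + id; }
    }
    record Group(String name) implements IdentityType {
        public String getKey() { return "group:" + name; }
    }
    record Role(Group group, String roleName) implements IdentityType {
        public String getKey() { return "role:" + group.name() + "/" + roleName; }
    }
    record Permission(IdentityType recipient, Object resource, String operation) {}

    /** Deny by default: true only if a grant names the user or one of its memberships. */
    static boolean isPermitted(User user, Collection<? extends IdentityType> memberships,
                               Object resource, String operation, List<Permission> grants) {
        Set<String> keys = new HashSet<>();
        keys.add(user.getKey());
        for (IdentityType m : memberships) keys.add(m.getKey());
        for (Permission p : grants) {
            if (keys.contains(p.recipient().getKey())
                    && p.resource().equals(resource)
                    && p.operation().equals(operation)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Group staff = new Group("staff");
        Role staffAdmin = new Role(staff, "admin");
        User alice = new User("alice");
        User admin = new User("admin"); // same name as the role, different key
        List<Permission> grants = List.of(
            new Permission(staff, "report-42", "read"),
            new Permission(staffAdmin, "report-42", "delete"),
            new Permission(alice, "draft-7", "update"));
        System.out.println(isPermitted(alice, List.of(staff), "report-42", "read", grants));   // group grant
        System.out.println(isPermitted(alice, List.of(staff), "report-42", "delete", grants)); // role not held
        System.out.println(isPermitted(alice, List.of(staff, staffAdmin), "report-42", "delete", grants));
        System.out.println(isPermitted(admin, List.of(), "report-42", "delete", grants));      // name clash only
    }
}
```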