Hi
I need some help regarding role based access control mechanism at the
view level i.e on flex components. My requirement is simple - I have
flex page which has many controls like buttons, combox, textinput etc.
The users who access the page are grouped by roles. I want limit access
to components in the page. For example the 'Save' button should be
VISIBLE to a user with role 'ADMIN'. Another use case is a combobox
components should only be EDITABLE by a user with role 'ADMIN or SUPER'.
This could be more advanced; for example instead of controlling just one
component, we could control a block of MXML code like:
<custom:Authorize visible="ADMIN|SUPER" editable="SOMEUSER">
<mx:Button name="Save" />
<mx:Combobox name="Users" />
</custom:Authorize> (ofcourse visible attribute takes priority over
editable attribute). Again the features of such a robust view layer
security can be limitless. For example the above code just shows UI
Controls. It could have a mix of layout components, custom UI
components, and UI Controls. It could also support wildcards like |
(or), & (and), !(not). This is a common requirement in intranet
applications where there are many different types of business users
demarcated by roles. This type of components also reduces code
duplication. For example a flex page can be shown in VIEW_ONLY mode as
well as EDIT mode based on the user role instead of writing two
different flex pages. My mid tier has J2EE with spring + acegi.
Acegi has a cool JSP tag library <authz:authorize>which does a similar
thing - <authz:authorize ifAllGranted="ROLE_VIP, ROLE_GUEST">
Welcome USER <a href="...">Logoff</a> </authz:authorize> I know
flex doesnt have any such out-of-the-box component/functionality. Is
there anything out there which does something similar? I have some ideas
of how this can be implemented but if you can give some ideas it will
always help. Thanks
