So, what exactly would need modified? 1. Create admin objects and permissions in ldap 2. Add a method to access manager to set the admin session 3. Add setEntitySession methods into the access manager method implementations?
----- Original Message ----- From: "Shawn McKinney" <[email protected]> To: [email protected] Sent: Tuesday, February 9, 2016 5:17:35 PM Subject: Re: Access Manager Permissions > On Feb 9, 2016, at 3:36 PM, Chris Pike <[email protected]> wrote: > > Using oauth bearer token in HTTP header to determine user. How would the the > policy work, just do a check to see if user is in the > "fortress-rest-access-user" role? Well that is coarse-grained but would work. Better is to establish a session using userId from the token and set into manager as discussed previously. This requires the before mentioned change to accessMgr (to do perm check) but the more I think about this use case, the better this approach sounds. Shawn
