I can handle this in our service pretty easily. 1. Add properties to roles (giveAnonymous, giveAuthenticated) 2. In our endpoint that returns roles for a user, add those extra roles as appropriate
I will probably end up doing this for the time being. I think the same sort of thing could be done in the fotress API, but not sure how that affects the RBAC standard. ----- Original Message ----- From: "Shawn McKinney" <[email protected]> To: [email protected] Sent: Thursday, April 6, 2017 11:48:16 PM Subject: Re: Auth Anon Roles The javadoc describes usage of the authN validator: http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/util/AuthNValidator.html Again, the role still must be assigned. But there is no need to set a property on the role. You would need to extend this class for each role that has constraint based on their authentication status -- authenticated or not. > On Apr 6, 2017, at 10:31 PM, Shawn McKinney <[email protected]> wrote: > > >> On Apr 6, 2017, at 9:25 AM, Chris Pike <[email protected]> wrote: >> >> Was looking back at this issue >> (https://issues.apache.org/jira/browse/FC-127) and this conversation >> (http://mail-archives.apache.org/mod_mbox/directory-fortress/201512.mbox/browser). > > As it turns out, FC-127 was implemented. The validator is here: > > https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/util/AuthNValidator.java > > By reading the ticket it’s clear that we coded what I mentioned a few hours > ago. So the good news is I’m consistent, the bad news (for me) is that I > completely forgot that this code had actually been implemented. > > :-) > > Shawn
