Hi!
Beans usually have custom security business requirements -- not only purely
role-based ones.
A simple example is that only the owner of an account can modify it (Admin
also).
Can anyone offer a good solution, or at least the direction where I should go,
in order to externalize these security business rules to some extent? My
goal is:
* Each role has a set of permissions assigned to it.
* Role-Permission assignments can be modified at runtime by the Administrator
role
* Security checks inside beans' methods are based on permissions associated
with the caller's Principal
I would like to have my business methods look like this:
AccountBean.java ...
public void saveAccount()
{
    ...
    principal = getCallerPrincipal();
    ...
    Security.isAccountWriteable(principal, roleListTakenFromContext,
        thisAccount's ID or whatever information needed);
    ...
}
Links to good resources and books are appreciated.
Alexander Klyubin
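
One way the helper asked about above could look, as an added example that is not part of the original post and not code from any EJB product. The Permission names, the grant/revoke methods and the in-memory role table are hypothetical; it assumes the bean passes in the caller's Principal, the caller's role names and the account owner's principal name.

```java
import java.security.Principal;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: permission checks externalized from the bean. All names are hypothetical. */
public final class Security {
    public enum Permission { ACCOUNT_WRITE_OWN, ACCOUNT_WRITE_ANY }

    // Role name -> permissions. Thread-safe so assignments can change at runtime.
    // Assumption: kept in memory here; a real deployment would load and persist it.
    private static final Map<String, Set<Permission>> ROLE_PERMISSIONS = new ConcurrentHashMap<>();

    private Security() {}

    // grant/revoke must themselves be callable only by the Administrator role.
    public static void grant(String role, Permission p) {
        ROLE_PERMISSIONS.computeIfAbsent(role, r -> ConcurrentHashMap.newKeySet()).add(p);
    }

    public static void revoke(String role, Permission p) {
        Set<Permission> perms = ROLE_PERMISSIONS.get(role);
        if (perms != null) perms.remove(p);
    }

    private static boolean has(Collection<String> roles, Permission p) {
        for (String role : roles) {
            Set<Permission> perms = ROLE_PERMISSIONS.get(role);
            if (perms != null && perms.contains(p)) return true;
        }
        return false; // default deny: unknown roles carry no permissions
    }

    /** True if the caller may modify an account owned by accountOwner. */
    public static boolean isAccountWriteable(Principal caller, Collection<String> callerRoles,
                                             String accountOwner) {
        if (caller == null || callerRoles == null || caller.getName() == null) return false;
        if (has(callerRoles, Permission.ACCOUNT_WRITE_ANY)) return true; // e.g. Admin
        // Ownership rule: the permission alone is not enough, the caller must own the account.
        return has(callerRoles, Permission.ACCOUNT_WRITE_OWN) && caller.getName().equals(accountOwner);
    }

    public static void main(String[] args) {
        grant("User", Permission.ACCOUNT_WRITE_OWN);
        grant("Admin", Permission.ACCOUNT_WRITE_ANY);
        Principal alice = () -> "alice"; // constructed sample principal
        System.out.println("owner:  " + isAccountWriteable(alice, Set.of("User"), "alice"));
        System.out.println("other:  " + isAccountWriteable(alice, Set.of("User"), "bob"));
        System.out.println("admin:  " + isAccountWriteable(alice, Set.of("Admin"), "bob"));
        revoke("User", Permission.ACCOUNT_WRITE_OWN); // runtime change by an administrator
        System.out.println("revoked: " + isAccountWriteable(alice, Set.of("User"), "alice"));
    }
}
```

In a bean method the result would be checked before any state change, with the method throwing on a false return so a denied caller never reaches the update.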