Hi, On Mon, Dec 9, 2013 at 11:23 AM, Tommaso Teofili <[email protected]> wrote: > on friday Jukka, Simo and me quickly discussed this over the chat as Jukka > had an idea on how to accomplish that with, if I recall correctly, a quite > dynamic approach which didn't imply changing the already existing ACLs. > Maybe Jukka and / or Simo had a chance to follow up on that.
Assuming a working JAAS setup, you can configure a custom "optional" LoginModule that adds extra principals to the current subject based on whatever criteria you want (source IP, HTTP header, phase of the moon, etc.). It should then be possible to use such "dynamic" principals in normal ACLs, for example to make a particular subtree accessible only during full moon. BR, Jukka Zitting
