Is there a recommended way to pursue per-user or group-based access
permission? We're currently hooking into our ldap system for login, and
would like to be able to set up "groups" (not necessarily in ldap) of
users with access control to view or edit particular blogs.
It seems like this could be done by injecting new user "roles" into the
database, and then setting a url pattern match in security.xml, but it
also seems like this is both generally ugly, and liable to cause
nightmares during future roller upgrades.
Any thoughts or pointers that would minimize both short and long-term
pain would be most appreciated.
jonathan.
- user/group based access control jonathan
-
