Would JDO query be a candidate (assuming the query text can be associated with an object and loaded from a persistent source at run-time and then executed)?

Regards,
David.

________________________________
From: David Tildesley <davo...@yahoo.co.nz>
To: users <users@isis.apache.org>
Sent: Wednesday, 7 August 2013 6:44 PM
Subject: rules externalised from the code

Hi,

We are looking at building an RBAC capability that evaluates security entitlements for users. The business rule to determine an effective role may be based on a combination of the user's attributes, e.g. job title, organisation unit, location, organisation.

The rules are not going to be all that complicated, e.g.

    if ((user.jobTitle.name == "case worker") AND (user.org.name == "companyA") AND (user.location.code == "NY")) then addRole(user, securityRole)

but we don't want to have to recompile the application each time a rule changes or a rule is added or removed.

Options? e.g. DROOLS rule engine (seems a bit too heavyweight for what we want to achieve).

In our case the application is built using ISIS and already contains a domain that has all the HR context required for RBAC determinations, i.e. a full object graph containing all the input information to the RBAC rule would be available. The solution would need to fit nicely with ISIS.

Any ideas would be appreciated.

N.B. do not get confused with Shiro security for the application - that's orthogonal to the functional capability that we are wanting to build. And yes, I know we can go and buy specialized products that do this functional capability, but we have good reasons for not going down that path.

Thanks in advance,
David.
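
The rule quoted in the message above, held as data and evaluated at run time, as an added example that is not part of the original thread or of Apache Isis. The rule-line format, the `User` class and the attribute allow-list are assumptions made for illustration; rule lines are parsed, never executed as code.

```java
import java.util.*;
import java.util.function.Function;

public class ExternalRoleRules {
    // Hypothetical stand-in for the HR domain object described in the message.
    static class User {
        final String jobTitle, org, location;
        User(String jobTitle, String org, String location) {
            this.jobTitle = jobTitle; this.org = org; this.location = location;
        }
    }

    // Allow-list: a rule can only read attributes registered here (no reflection).
    static final Map<String, Function<User, String>> ATTRIBUTES = new HashMap<>();
    static {
        ATTRIBUTES.put("user.jobTitle.name", u -> u.jobTitle);
        ATTRIBUTES.put("user.org.name", u -> u.org);
        ATTRIBUTES.put("user.location.code", u -> u.location);
    }

    // Assumed line format:  role : path == "value" AND path == "value"
    // Fails closed: a malformed line or unknown attribute throws, it never grants.
    static Set<String> rolesFor(User user, List<String> ruleLines) {
        Set<String> roles = new TreeSet<>();
        for (String line : ruleLines) {
            String[] parts = line.split(":", 2);
            if (parts.length != 2) throw new IllegalArgumentException("bad rule: " + line);
            boolean all = true;
            for (String cond : parts[1].split(" AND ")) {
                String[] kv = cond.split("==", 2);
                if (kv.length != 2) throw new IllegalArgumentException("bad condition: " + cond);
                Function<User, String> getter = ATTRIBUTES.get(kv[0].trim());
                if (getter == null) throw new IllegalArgumentException("unknown attribute: " + kv[0].trim());
                String expected = kv[1].trim().replaceAll("^\"|\"$", "");
                all &= expected.equals(getter.apply(user)); // every condition is still validated
            }
            if (all) roles.add(parts[0].trim());
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed rule line; in practice it would be read from a file or table.
        List<String> rules = Arrays.asList(
            "securityRole : user.jobTitle.name == \"case worker\" AND user.org.name == \"companyA\" AND user.location.code == \"NY\"");
        User user = new User("case worker", "companyA", "NY");
        System.out.println(rolesFor(user, rules));
    }
}
```

Because the rule store now decides who gets which role, write access to it needs the same control and audit trail as the role assignments themselves.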