-
1. Re: bean method parameters used in permission checks?
pearl81 Mar 22, 2004 3:47 PM (in response to davout)could you refer to the "How to handle dynamic authorization?" thread. i have a similar requirment, and I've requested Scott if it's actually possible to have an enhancement to add/remove certain transient roles.
But the bottomline, as I understand it, is that you cannot leverage declarative J2EE security when your roles have to be ascertained dynamically on a per-call basis. You would have to either establish the roles at login time, or go for your own custom role mechanism. -
2. Re: bean method parameters used in permission checks?
davout Mar 22, 2004 3:56 PM (in response to davout)I sort of assumed straight off that the standard EJB role based declarative permission design wouldn't be able to handle this.
But given what this business problem is hardly unique, I was wondering whether there was a library/module out there that would tackle this??!!?? -
3. Re: bean method parameters used in permission checks?
pearl81 Mar 23, 2004 11:45 AM (in response to davout)Absolutely my thoughts. Most businesses, as I'm aware of have the needs to evaluate roles based on the relation of the person/system to the entity being acted upon. We have numerous such cases:
1) Manager updating his/her direct report's data
2) Group owner updating their group's settings/adding members to their groups et al.
Unfortunately, looks like we all have to reinvent the wheel, I guess?!