Hello,

I have the following problem, with a JBoss Portal application. We've written a custom LDAP-based login module, to handle authentication. Now we'd like to restrict access to certain portal pages and portlets. The difficult part is, that our client wants to create (and remove) roles "on-the-fly" in a database structure, and they want to create permissions based on these roles, so one can see or can't see the requested resource (in this case: portlet page). They have a database structure which defines these roles, and their permissions (e.g: User with role "Manager" is able to access portlet page Admin, but later they'd like to add a role who can also access this page). So, as you can see the roles and permissions can't be hardcoded.

I've studied the portal ref documentation and concluded that a custom PortalAuthorizationManager and PortalAuthorizationManagerFactory would be the easiest and most painless solution. Creating a custom checkPermission method to handle this task. So my questions:

1. Is this the "right" solution? Is it possible to provide my custom authorization manager? If not, please give me your opinions.
2. If this is correct, please direct me to some kind of detailed documentation for creating these classes. I've googled for hours and haven't stumbled upon any useful docs.
3. How would you handle this problem?

Thanks in advance,
Mark