This content has been marked as final.
Show 3 replies
-
1. Re: Dynamicaly manage role permissions
dsteinwe Feb 16, 2009 10:47 AM (in response to eyalzf)Do authentication with jaas. For authorisation I suggest EJB3 interceptors. In the interceptor you can check the permissions for a principal (-> context information).
For lean code you may define own permission annotations for the facades methods. In the interceptor you access these metadata.
HTH Dieter -
2. Re: Dynamicaly manage role permissions
eyal.zfira Feb 16, 2009 11:06 AM (in response to eyalzf)"dsteinwe" wrote:
Do authentication with jaas. For authorisation I suggest EJB3 interceptors. In the interceptor you can check the permissions for a principal (-> context information).
For lean code you may define own permission annotations for the facades methods. In the interceptor you access these metadata.
HTH Dieter
So in this way I basically have my own role-to-permission data model which I have to inquire in the interceptors, right? -
3. Re: Dynamicaly manage role permissions
dsteinwe Apr 16, 2010 4:25 PM (in response to eyal.zfira)Yes. I have implemented a database access in the interceptor to check the authorisation. If the data are small enough to load to the memory you can improve the speed.