This content has been marked as final. Show 2 replies
I think I have a pretty typical security problem, but was unable to find the answer in the forums by searchiing.
I want to use the standard J2EE security stuff. It works for most of what I want to do. However, there are times when controlling authorization to resources based on methods or beans isn't enough. I need to authorize principals based on data.
For instance.. User's with one role might only be able to access data they are related to specifically, and user's with another role may have access to a superset of that.
Am I making sense? I can give more concrete examples if need be.
Can someone point me in the right direction here? I guess I'm hoping there's some sort of pluggable AuthorizationHandler interface I can implement these special checks for, and associate with my beans via the same security plumbing.
thanks in advance.