How can I make my JBoss app multi-user, storing login info in local entity beans and allowing per-user checks for bean access?
That's the short way to say it, here is the long...
I would like my app to support multiple users, but store the login stuff in entity beans instead of an LDAP or database server. I would also like entity bean instances to be owned by specific users so that user1 cannot modify a bean instance owned by user2 and vice versa.
Here is my guess as to how to do this based on what I read in the AdminDevel document, but I would appreciate it if someone who knows what they are doing could validate it or tell me if there is a better way.
I would create a custom login module that authenticates by looking up credentials in the local entity bean. The local entity bean's method permissions would be unchecked to allow the login module to access it.
The per-user checks would be done by creating a SecurityProxy that checks if the principal trying to access the bean actually does own the bean.
Is this possible and is there a better way to do it?
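
The per-instance ownership check described in the question, as an added example that is not part of the original post and is not JBoss code: a JDK dynamic proxy stands in for the container's interception point and rejects any call whose caller principal is not the instance's owner. The `Note` interface, `NoteBean`, `guard` and the user names are hypothetical, and the sample data is constructed.

```java
import java.lang.reflect.*;
import java.security.Principal;

public class OwnerCheckDemo {
    // Hypothetical business interface standing in for an entity bean's local interface.
    interface Note {
        String getOwner();
        String getText();
        void setText(String text);
    }

    static class NoteBean implements Note {
        private final String owner;
        private String text;
        NoteBean(String owner, String text) { this.owner = owner; this.text = text; }
        public String getOwner() { return owner; }
        public String getText() { return text; }
        public void setText(String text) { this.text = text; }
    }

    // Wraps a bean so every call is checked against the caller before it reaches the bean.
    static Note guard(Note bean, Principal caller) {
        InvocationHandler h = (proxy, method, args) -> {
            // Fail closed: a missing caller identity or a non-owner is rejected.
            if (caller == null || !bean.getOwner().equals(caller.getName())) {
                throw new SecurityException("not the owner, denied: " + method.getName());
            }
            try {
                return method.invoke(bean, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the bean's own exception unchanged
            }
        };
        return (Note) Proxy.newProxyInstance(
                Note.class.getClassLoader(), new Class<?>[] { Note.class }, h);
    }

    public static void main(String[] args) {
        Note bean = new NoteBean("user1", "original"); // constructed sample data
        Principal user1 = () -> "user1";
        Principal user2 = () -> "user2";
        guard(bean, user1).setText("edited by owner");   // allowed: caller owns the instance
        try {
            guard(bean, user2).setText("tampered");      // rejected before reaching the bean
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        System.out.println(bean.getText());
    }
}
```

The owner is read from the bean instance itself rather than from anything the caller supplies, which is what makes this a per-instance check instead of a role check.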