3 Replies Latest reply on Mar 23, 2004 11:45 AM by pearl81

    bean method parameters used in permission checks?

    davout

      I'm building my first EJB system and have a question about how permissions may be applied to bean methods where the data parameters passed to the method need to be part of the permission check.

      Take an example of where I have a session bean that supports the maintenance of currencies and currency exchange rates.

      For basic CRUD type operations like 'addCurrency' I can use role based security to manage access.

      However, assume that I have a method like...

      setRate(String aCurrency, Date aDate, double aRate)

      I want to define permissions about who can set rates for different currencies, where only 'fred' can set 'US Dollar' rates, and only 'louis' can set 'Euro' rates.

      Does JBoss include any facilities to handle this type of requirement?

        • 1. Re: bean method parameters used in permission checks?
          pearl81

          Could you refer to the "How to handle dynamic authorization?" thread. I have a similar requirement, and I've requested Scott if it's actually possible to have an enhancement to add/remove certain transient roles.

          But the bottom line, as I understand it, is that you cannot leverage declarative J2EE security when your roles have to be ascertained dynamically on a per-call basis. You would have to either establish the roles at login time, or go for your own custom role mechanism.

          • 2. Re: bean method parameters used in permission checks?
            davout

            I sort of assumed straight off that the standard EJB role based declarative permission design wouldn't be able to handle this.

            But given that this business problem is hardly unique, I was wondering whether there was a library/module out there that would tackle this?

            • 3. Re: bean method parameters used in permission checks?
              pearl81

              Absolutely my thoughts. Most businesses, as far as I'm aware, have the need to evaluate roles based on the relation of the person/system to the entity being acted upon. We have numerous such cases:

              1) Manager updating his/her direct report's data
              2) Group owner updating their group's settings/adding members to their groups, etc.

              Unfortunately, it looks like we all have to reinvent the wheel, I guess?!
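One way to do the per-call, parameter-based check that reply 1 describes as a "custom role mechanism", done inside the bean against the caller principal rather than through declarative roles. This is an added example, not code from the thread or from JBoss; the `CurrencyRatePolicy` class, the `CurrencyRatesBean` name and the fred/USD and louis/EUR entries are assumptions built from the original question.

```java
import java.security.Principal;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.ejb.AccessLocalException;
import javax.ejb.CreateException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
/** Hypothetical data-driven policy: caller name -> currencies that caller may price. */
class CurrencyRatePolicy {
    private final Map<String, Set<String>> allowed = new HashMap<String, Set<String>>();

    void allow(String user, String currency) {
        Set<String> set = allowed.get(user);
        if (set == null) { set = new HashSet<String>(); allowed.put(user, set); }
        set.add(currency);
    }

    /** Fails closed: an unknown caller or an unlisted currency is denied. */
    boolean maySetRate(Principal caller, String currency) {
        if (caller == null) return false;
        Set<String> set = allowed.get(caller.getName());
        return set != null && set.contains(currency);
    }
}
public class CurrencyRatesBean implements SessionBean {
    private SessionContext ctx;
    private final CurrencyRatePolicy policy = new CurrencyRatePolicy();

    public void setSessionContext(SessionContext c) { ctx = c; }

    public void ejbCreate() throws CreateException {
        policy.allow("fred", "USD");   // constructed sample entries from the thread;
        policy.allow("louis", "EUR");  // a real deployment would load these from a table
    }

    /** The check is on the parameter, not just the method, and runs before any state changes. */
    public void setRate(String aCurrency, Date aDate, double aRate) {
        Principal caller = ctx.getCallerPrincipal();
        if (!policy.maySetRate(caller, aCurrency)) {
            throw new AccessLocalException("caller may not set rates for " + aCurrency);
        }
        // ... persist aRate for aCurrency on aDate ...
    }

    public void ejbRemove() {} public void ejbActivate() {} public void ejbPassivate() {}
}
```

Declarative `<method-permission>` entries still protect who may call `setRate` at all; this check adds the currency dimension that the deployment descriptor cannot express.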