0 Replies Latest reply on Sep 23, 2005 2:24 PM by darren hartford

    Seperate Authorization mechanism from Authentication by app?

    darren hartford Expert

      Hello all,
      I am presently using the org.jboss.security.auth.spi.LdapLoginModule for authentication with great success, and also have it successfully used for basic Authorization by group.

      However, I would like to take a step further on Authorization where my application would like to use attribute-based role authorization (Both EJB/webservice and webapp if possible).

      An example would be easier than explaining it, so:
      A user has 1-N projects.
      A user could have roles 'users', 'supervisor', 'admin', each different for each project.

      Since that N-N mapping doesn't fit well into groups for LDAP, I would like to explore continue using LDAP for authentication but a seperate piece for authorization. Any recommondations?

      thanks,
      -D