0 Replies Latest reply on May 20, 2007 10:13 AM by dav dav

    Session Beans with its own personal roles

    dav dav Newbie

      How to assign own set of user roles for different Session Bean?s?

      Here is business logic: we have users, gaining rights for calling Session Bean?s methods
      depends on accessory to the group; group contains records in such form:
      name of the Session-Bean -> list of roles available for the given bean;
      roles define CRUD operations.


      void newClass(String name) { ... }

      List getAll() { ... }

      void remove(Long id) { ... }

      class SessionBeanB

      List getList() { ... }

      void changeUser(User u) { ... }


      and groups with these roles for calling methods:

      SessionBeanA ?> { CREATE, READ }
      SessionBeanB ?> { UPDATE }

      SessionBeanA ?> { READ, DELETE }
      SessionBeanB ?> { READ, UPDATE }

      Suppose that,
      user User1 consisted in GroupFirst
      user User2 consisted in GroupSecond,
      then the table of available operations has view:

      UserSessionBeanAvailable methodsUser1SessionBeanAnewClass()getAll() SessionBeanBchangeUser()

      With such organization occurs necessity to define capacity of calling methods in different
      Session Beans and user must have different rights for each of the Session-Bean.

      Please, give an advice: how it all can be organized or, at least, in what
      direction I should work?

      (Maybe, dynamical change (on the fly) of user?s roles when we calling one
      or another SessionBean will be right decision?
      If yes, in which way I should go?)