posted 11 years ago
I have a web application to create online roleplays that I'm re-writing in Spring.
Currently it allows a user to log in and then see a list of all organizations that they are members of on the platform. They can then pick one section (Admin, Author, Facilitator or Player) and then enter into it. Picking the section they go into is important, because it requires a mental shift to go from thinking like an author or facilitator, etc. We want that mental shift made explicit by forcing the user to select what area they want to enter into.
Additionally, a user's permissions may be different for different organizations. So someone may be an author in Org 1, but only a player in Org 2. If they have no permissions in Org 3, then they would not even see it listed. Below is an example of what they may see after logging in:
Org 1
Author, Facilitator, Player
Org 2
Player
I am trying to implement this in Spring Security, but find it difficult. In the current application, the permissions were set after the user logged in and chose an organization and section to go into. Spring Security seems to highly lean toward loading all user permissions (authorities) at the moment of login. So now I'm considering what to do. I could chop the application into 4 different pieces and then just allow someone to only enter into one of those for one organization. But I'd rather keep it one platform, and have the user select the section they are entering after logging in at the one (and only one) login page.
Any thoughts?
Thanks,
Skip
If you love me, you will visit docs.opensimplatform.org
(FYI, Getting it tattooed on is a bit much.)