I know a lot of theory about authentication and authorisation, but I need more help in practice.
I have been able to authenticate to the server using LDAP. All the users are set up in LDAP and we are using single sign-on to authenticate. This part is fine.
How do I go about authorisation? I shall be providing custom application screens to add, edit and remove users at runtime from Oracle. How do I go about it? I shall be using a Stateless SessionBean (LoginService) + DAO for accessing authorisation Oracle tables.
Please can you explain in **as much detail as possible**. I am very confused. Can I use declarative security or programmatic security or a combination of both? And if so -- how?