• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Do I re-use existing declarative role-based data structures for user authorization?

 
Jim Clayson
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I would like to implement a user base (using J2EE declarative security) with the following relationship hierarchy :
Users:
user = 100, usergroup = 11;
UserGroups:
usergroup = 10, groupname=agent, parentgroup = 5;
usergroup = 11, groupname=privatesupplier, parentgroup = 5;
usergroup = 5, groupname=supplier, parentgroup = 1;
usergroup = 1, groupname=user, parentgroup=0;
This is so that if I say isUserInRole(supplier) in a servlet or JSP, I know I'm dealing with all users in this group as well as all users in all child groups. Or in other words I need to know whether a user is a descendent of a particular ancestor.
I am using a DatabaseServerLoginModule(which comes with JBoss) which queries the following two tables in order to authenticate the user:
Table Principals(PrincipalID text, Password text)
Table Roles(PrincipalID text, Role text, RoleGroup text)
How could I implement my usergroup hierarchy strategy using principals, roles and rolegroups if I wanted to reuse the existing tables and its data as a source for authorization ?
Thanks
Joe
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic