Hi, I would like to implement a user base (using J2EE declarative security) with the following relationship hierarchy : Users: user = 100, usergroup = 11; UserGroups: usergroup = 10, groupname=agent, parentgroup = 5; usergroup = 11, groupname=privatesupplier, parentgroup = 5; usergroup = 5, groupname=supplier, parentgroup = 1; usergroup = 1, groupname=user, parentgroup=0; This is so that if I say isUserInRole(supplier) in a servlet or JSP, I know I'm dealing with all users in this group as well as all users in all child groups. Or in other words I need to know whether a user is a descendent of a particular ancestor. I am using a DatabaseServerLoginModule(which comes with JBoss) which queries the following two tables in order to authenticate the user: Table Principals(PrincipalID text, Password text) Table Roles(PrincipalID text, Role text, RoleGroup text) How could I implement my usergroup hierarchy strategy using principals, roles and rolegroups if I wanted to reuse the existing tables and its data as a source for authorization ? Thanks Joe
subject: Do I re-use existing declarative role-based data structures for user authorization?