  • Managing special roles

    Hi all,

    I have a web app configured with Spring Security which gets users and roles from an LDAP tree.

    I have a DN ou=User,dc=application for users and, for roles, ou=Groups,dc=application.

    Every role is an entry in the second subtree and the association is made by the member attribute in the role entry.

    Actually I have 5 different access roles (ROLE_A, ROLE_B, ROLE_C, ROLE_D, ROLE_E): every role grants access to a specific URL. Every role is independent.

    Role subtree schema (very simple and incomplete)

    ou=Groups,dc=application .

    Now I have to satisfy a request to insert 3 new roles (ROLE_F, ROLE_G, ROLE_H) that can be assigned following a fixed schema:
    - ROLE_F can be assigned only if user is in role ROLE_B, ROLE_D,
    - ROLE_G can be assigned only if user is in role ROLE_C or ROLE_E
    - ROLE_H can be assigned only if user is in role ROLE_A or ROLE_B

    Which is the best practice to manage these 3 new roles? Shall I consider them as independent and manage the dependency in the application, or what else?
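
One way to enforce the prerequisite scheme described in the post in the application, after the LDAP group lookup. This is an added example, not part of the original post and not Spring Security code: the class name `DependentRoleFilter`, the method `effectiveRoles` and the sample users are hypothetical, and it assumes every rule means "at least one of the listed roles", since the post does not say whether ROLE_F needs both ROLE_B and ROLE_D.

```java
import java.util.*;

// Added example (plain Java, no Spring classes): drop a dependent role that
// was stored in LDAP without its prerequisite, instead of trusting the entry.
public class DependentRoleFilter {

    // Dependent role -> prerequisite roles, as listed in the post.
    // Assumption: "at least one of"; the ROLE_F rule gives no "and"/"or".
    private static final Map<String, Set<String>> PREREQS = Map.of(
        "ROLE_F", Set.of("ROLE_B", "ROLE_D"),
        "ROLE_G", Set.of("ROLE_C", "ROLE_E"),
        "ROLE_H", Set.of("ROLE_A", "ROLE_B"));

    /** Returns the roles to grant; roles missing a prerequisite are added to 'rejected'. */
    public static Set<String> effectiveRoles(Set<String> ldapRoles, Set<String> rejected) {
        Set<String> granted = new TreeSet<>();
        for (String role : ldapRoles) {
            Set<String> needed = PREREQS.get(role);
            // Independent roles have no entry; dependent roles need an overlap
            // between their prerequisites and what the user actually holds.
            if (needed == null || !Collections.disjoint(needed, ldapRoles)) {
                granted.add(role);
            } else {
                rejected.add(role); // inconsistent directory entry: log and review
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        // Constructed sample memberships, not data from the post.
        Map<String, Set<String>> users = new LinkedHashMap<>();
        users.put("alice", Set.of("ROLE_B", "ROLE_F", "ROLE_H")); // consistent
        users.put("bob", Set.of("ROLE_A", "ROLE_G"));   // ROLE_G without ROLE_C or ROLE_E
        users.put("carol", Set.of("ROLE_F"));           // dependent role only
        for (Map.Entry<String, Set<String>> e : users.entrySet()) {
            Set<String> rejected = new TreeSet<>();
            Set<String> granted = effectiveRoles(e.getValue(), rejected);
            System.out.println(e.getKey() + " granted=" + granted + " rejected=" + rejected);
        }
    }
}
```

Filtering at login fails closed when someone edits the `member` attribute directly in the directory, which a check placed only in the role-assignment screen would miss.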