Announcement Announcement Module
No announcement yet.
Implementing Security with Groups Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Implementing Security with Groups

    I have a need to change the current User/Roles model so that we introduce groups/roles/permissions. we get pre-authenticated from an external source and get group names for that user in the header. We have a table grouproles that has roles_id as foriegn key from the roles table. So a user with multiple groups can have the set of roles. I do not want to maintain the user infomration in my database. So, in other words, I dont want spring to lookup the authorities based on the username, only the groups that are in the headers. The group names come in the a single header as pipe delimeted values.

    group header eg:

    grouprole table output:
    GroupName, Role, Permissions
    'SID_D', 'ADMIN', 'APP1'
    'SID_D', 'ADMIN', 'APP2'
    'SID_D', 'USER1', 'APP1'
    'SID_D', 'USER1', 'CACHE_READ'
    'SID_S', 'USER2', 'APP2'
    'SID_S', 'USER2', 'CACHE_READ'

    How can I achieve this security implementation? Is that even achievable?


    Sameer Jaffer
    Last edited by sijaffer; Jun 14th, 2013, 02:25 PM.

  • #2
    Has anyone dealt with this scenario??


    • #3
      Originally posted by sijaffer View Post
      Has anyone dealt with this scenario??

      Take a look at the JdbcDaoImpl. It has implementation details for mapping a group to a set of authorities. Once you get that working, you just need to figure out how to get what groups a user has from the external provider.