Announcement Announcement Module
Collapse
No announcement yet.
abstract role binding Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • abstract role binding

    I've got Acegi 1.0.3 setup for a web application I'm deploying to Tomcat 5.5.20. I've been accustomed to using WebSphere 5.0.

    I basically need to define abstract roles and then bind to one or more ldap groups.

    ROLE_ADMIN = O.IT.DEV, O.MY.GROUP
    ROLE_USER = O.USERS.FOO, O.USERS.BAR, etc.

    Any suggestions?

  • #2
    Could you explain a little more about what you are trying to do here?

    Comment


    • #3
      I want to define access to controls and pages in my application based on
      abstract roles ( not ldap groups )

      Our ldap groups are named like:

      O.IT.DEV
      O.MY.GROUP
      O.USERS.FOO
      O.USERS.BAR
      etc.

      Take two abstract roles:
      ADMIN_ROLE
      USER_ROLE


      More than one ldap group(runtime ldap group) may make up users in the admin role (abstract role).

      ADMIN_ROLE = O.IT.DEV, O.MY.GROUP
      USER_ROLE = O.USERS.FOO, O.USERS.BAR

      My security constraints would be tied to abstract roles. Who wants to hard-code ldap groupnames in their code. I don't want to embed ldap group names in my applicationContext-acegi.xml because they are subject to change.


      Futher research suggests modifying extending DefaultLdapAuthoritiesPopulator to allow resolving membership in my abstract roles by checking to see which ldap groups this user belongs to and which abstract roles are applicable.

      Comment

      Working...
      X