Announcement Announcement Module
No announcement yet.
field level Authorization Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • field level Authorization

    Dear all,

    I am building an application with spring MVC. Finally we have decided to implement acegi for authentication and authorization. The principal can be Authenticated either on oracle or ldap. I read through books and a lot of help available around and finally have an idea as to how acegi works.
    I have done form based authentication. In acegi too, the fundamental directory structure remains the same. The secure pages go into /secure... et cetra. My current app. will have an admin page and the admin will be able to decide which groups (user groups) will have access to which pages and then which of the user groups can see which fields(like admin sees diff fields and tech. sees diff fields). I have no idea what approach should I take with this kind of a requirement. I would be grateful if someone could show me some direction with this : a) the approach that I can follow b) Would I be well off with this kind of stuff having about average knowledge of acegi and spring mvc ?

    Thanks in advance for your time

  • #2
    Anything wrong in the question ?


    I hope I have conveyed my problem. Please let me know if the question is wrong in any way ?



    • #3
      When you say field level, are you talking about fields on a class, or are you talking about fields in the context of user profile fields? E.g. an administrator can change a users department but another user can't.
      Last edited by karldmoore; Aug 27th, 2007, 04:07 PM.


      • #4
        post below. Sorry for the confusion
        Last edited by sarvananda; Jul 19th, 2007, 11:31 AM.


        • #5

          First,thanks so much for replying. I guess my post was a little confused.
          My requirement is :
          I will make user groups to seperate my user base. I need to be able to configure (without interfering with the code) those user groups in such a way that I decide which user groups will have access to which jsps.
          Then within the jsps, before displaying all the fields. I need to check for the profile the user belongs to. If the user is a technician then only the tech. related fields are displayed. If the user is admin all the fields are displayed on the jsp.

          I have been challenged in finding a proper approach that I can follow for this. I plan to use ACEGI with spring MVC.

          Thank you so much for your time.



          • #6
            There have been lots of discussions in the past about dynamic configuration and driving this from a database. I'd have a search and read through those, they pretty much cover everything you're looking for.
            Last edited by karldmoore; Aug 27th, 2007, 04:07 PM.


            • #7
              Thanks so much Karldmoore. I searched, and now, I have too much of info. Probably would have to pick up a few pieces from all the posts. Noted all urls will compare em at work. Thanks for all yuor help. Still, if you think of something, please do post. I will post here once I have implemented something now.


              • #8
                Dynamic Rule Based Field Level Security

                I am not sure, if this helps, but you may want to check out this project:


                It maybe sufficient for what you're trying to accomplish.