Hi,
I am currently working on a J2EE project and am despairing a little at the authorization management. In short, I want to check, depending on the current business object, whether a particular user has a role or is in a particular group. Here is an example to make it easier to understand:
The Entity class has a property "String accessRole" in which the required group is stored, for example "Abteilung21".
Code:
public boolean canDoSomething(Entity e) {
    // Allowed only if the entity names a role and the caller is in that role
    return (e.getAccessRole() != null) && sessionContext.isCallerInRole(e.getAccessRole());
}
The problem is that all the roles you pass to isCallerInRole must previously be declared in the DD or via annotations (for whatever reason), otherwise the container (Sun Application Server 9.1) throws an exception. I have already read while googling that this works in JBoss, but that is then not in conformity with the specification. Actually, I wanted to reinvent the wheel, so I wanted to ask what the best practices are in terms of permissions control.
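The following is an added example, not part of the original post: one way to keep the per-entity check inside the declared-roles constraint described above is to declare the roles with @DeclareRoles and deny access for any role name outside that list before calling isCallerInRole. The bean name, the second role name and the shape of the Entity class are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical session bean. Every role name that may reach isCallerInRole
// is declared here; "Abteilung22" is a made-up second role.
@Stateless
@DeclareRoles({EntityAccessBean.ROLE_A, EntityAccessBean.ROLE_B})
public class EntityAccessBean {

    static final String ROLE_A = "Abteilung21";
    static final String ROLE_B = "Abteilung22";

    // Same names as in @DeclareRoles, so a role string read from an entity
    // can be tested before it is handed to the container.
    private static final Set<String> DECLARED_ROLES = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList(ROLE_A, ROLE_B)));

    @Resource
    private SessionContext sessionContext;

    public boolean canDoSomething(Entity e) {
        String role = (e == null) ? null : e.getAccessRole();
        // Fail closed: a missing or undeclared role denies access instead
        // of reaching the container and raising an exception.
        if (role == null || !DECLARED_ROLES.contains(role)) {
            return false;
        }
        return sessionContext.isCallerInRole(role);
    }
}

// Minimal stand-in for the poster's Entity class (assumed shape).
class Entity {
    private String accessRole;

    public String getAccessRole() {
        return accessRole;
    }

    public void setAccessRole(String accessRole) {
        this.accessRole = accessRole;
    }
}
```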