Hi All,

I posted an email about Orion and Security a few days ago and got some
great responses.  Let me go into a little more detail and see if what I am
doing will work accordingly.

1. The security model I need is to allow a user to log in once but use
   multiple applications within that server.
   a. Server
      i. App1
      ii. App2
      iii. App3
2. Let's say user1 has "admin" access to App1, "read" access to App2 and
   "edit" access to App3.
   a. At the initial login of the user, a security object for the user is
      created.  There, all of his/her security is loaded into the object.
   b. User1 goes to App2. At this point, each of the App2 screens will call
      the security object and check to see which kind of role the user has
      for it.  In our case, user1 only has "read" access, for which the
      screen will be displayed as read only with no edit problem.

Security Summary
1. User
2. Application
3. Role(s) [Read, Modify, Delete, Add, etc]
4. Other.


With the scenario I described above, I don't think it is currently available
with the Orion security scheme.  At each login a new security object gets
instantiated and populated with all the security information for the user
from the database.  Once the object is instantiated and populated, the
database is no longer accessed for security.  Of course this will require
some memory on the server side to hold the information but the access will
be fast.  This will require an Entity Bean to do and will be managed by the
container until the session is done.  There are also thoughts of caching it
for a certain period of time but probably not in the first release.

My question now is will the above work?
Is anyone willing to share a better scheme?

Any input will be great.


Thanks

Doug Pham
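
The per-user security object described in the message above, as an added example that is not part of the original post and is not Orion code. It uses a plain serializable class rather than an Entity Bean; `UserSecurity`, its methods, the `Role` enum and the sample role data are hypothetical and constructed for illustration.

```java
import java.io.Serializable;
import java.util.*;
// Added illustration: UserSecurity and its methods are hypothetical, not an Orion API.
public final class UserSecurity implements Serializable {
    public enum Role { READ, EDIT, ADMIN }
    private final String user;
    private final Map<String, Set<Role>> rolesByApp = new HashMap<>(); // login snapshot
    private final long loadedAtMillis;

    public UserSecurity(String user, Map<String, Set<Role>> fromDatabase, long nowMillis) {
        this.user = user;
        this.loadedAtMillis = nowMillis;
        for (Map.Entry<String, Set<Role>> e : fromDatabase.entrySet()) {
            Set<Role> roles = EnumSet.noneOf(Role.class); // defensive copy
            roles.addAll(e.getValue());
            rolesByApp.put(e.getKey(), roles);
        }
    }

    // Deny by default: an application with no entry grants nothing.
    public boolean hasRole(String app, Role role) {
        Set<Role> roles = rolesByApp.get(app);
        return roles != null && roles.contains(role);
    }

    // Call on every state-changing request, not only when drawing the screen.
    public void require(String app, Role role) {
        if (!hasRole(app, role)) throw new SecurityException(user + " lacks " + role + " on " + app);
    }

    // Role changes made in the database are not seen until the snapshot is reloaded.
    public boolean isStale(long nowMillis, long maxAgeMillis) {
        return nowMillis - loadedAtMillis > maxAgeMillis;
    }

    public static void main(String[] args) {
        Map<String, Set<Role>> db = new HashMap<>(); // constructed sample data
        db.put("App1", EnumSet.of(Role.ADMIN));
        db.put("App2", EnumSet.of(Role.READ));
        db.put("App3", EnumSet.of(Role.EDIT));
        UserSecurity sec = new UserSecurity("user1", db, System.currentTimeMillis());
        System.out.println("App2 editable: " + sec.hasRole("App2", Role.EDIT));
        System.out.println("App4 readable: " + sec.hasRole("App4", Role.READ));
        try {
            sec.require("App2", Role.EDIT); // a submitted edit is refused server-side
        } catch (SecurityException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Because the roles are a snapshot taken at login, a role revoked in the database stays effective until the session ends or an `isStale` check forces a reload.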
