Re: [Acegisecurity-developer] Multiple applications and different roles
Stephane Bailliez wrote: Hi all, I'm trying to see whether there is an easy way to implement roles (authorities) for several applications. Each application having its own set of authorities (ie: john being registered as ROLE_SUPERVISOR only for application A, does not apply to application B and C for example). Seems there is no support for this out of the box and the model is rather flat. A potential workaround I was thinking to avoid too much initial code would be to have a convention such such as: ROLE_A_SUPERVISOR, ROLE_B_SUPERVISOR respectively for application A and B which will be an acceptable workaround for half a dozen applications in the short term even though not extremely elegant. Does any one have solve this type of issue differently or any opinion on the above ? Another option is to modify your UserDetailsService to return a custom GrantedAuthority that reflects the assigned role in one property and the application in another. Then provide a custom AccessDecisionVoter that works with your custom GrantedAuthority and is aware of which application the present operation applies to (perhaps derived from a configuration property or a ThreadLocal or even contextual metadata like a method argument). Cheers Ben - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Multiple applications and different roles
Sounds like a single sign-on solution would work best. Have a look at the Acegi support for CAS. Using CAS with Acegi might provide the features you are looking for. On 2/8/07, Stephane Bailliez [EMAIL PROTECTED] wrote: Hi all, I'm trying to see whether there is an easy way to implement roles (authorities) for several applications. Each application having its own set of authorities (ie: john being registered as ROLE_SUPERVISOR only for application A, does not apply to application B and C for example). Seems there is no support for this out of the box and the model is rather flat. A potential workaround I was thinking to avoid too much initial code would be to have a convention such such as: ROLE_A_SUPERVISOR, ROLE_B_SUPERVISOR respectively for application A and B which will be an acceptable workaround for half a dozen applications in the short term even though not extremely elegant. Does any one have solve this type of issue differently or any opinion on the above ? Thanks, -- stephane - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Multiple applications and different roles
Sounds more like a storage issue, assuming you are configuring the different applications separately. If the roles are stored in a database, add an extra column for the application or if you're using Ldap, store them under a different context. Then modify the SQL or Ldap search criteria for each application accordingly. This would be more suitably discussed in the user forum, rather than the dev list. Stephane Bailliez wrote: Hi all, I'm trying to see whether there is an easy way to implement roles (authorities) for several applications. Each application having its own set of authorities (ie: john being registered as ROLE_SUPERVISOR only for application A, does not apply to application B and C for example). Seems there is no support for this out of the box and the model is rather flat. A potential workaround I was thinking to avoid too much initial code would be to have a convention such such as: ROLE_A_SUPERVISOR, ROLE_B_SUPERVISOR respectively for application A and B which will be an acceptable workaround for half a dozen applications in the short term even though not extremely elegant. Does any one have solve this type of issue differently or any opinion on the above ? Thanks, -- stephane -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer