Our users are placed into groups similiar to the following: group-subgroup0-editor -> joe -> bill group-subgroup0-admin -> mike group-subgroup1-editor -> joe group-subgroup1-admin -> paul
I can't figure out how would you handle this type of grouping with declarative security. With declarative security, I can restrict a user from calling a method unless they are an "admin" or "editor", but I need something more granular that takes into account the subgroups. I don't know the subgroup until the user makes a web request. Further, new subgroups are created on a regular basis. Can I use wildcards for roles, like group-*-editor? Or do I have to use aspects to provide more programmatic method call security? Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3899682#3899682 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3899682 ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user