Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
573 views
in Technique[技术] by (71.8m points)

jakarta ee - dynamic roles on a Java EE server

I want to manage user and roles in a dedicated application. For example a user of this application ("customerX boss") can create a new role "customerX employee". If an employee accesses the Java EE application server (GlassFish 3) he should get the role "customerX employee".

It sounds simple, but it is not supported by Java EE, because groups are mapped to roles at start-up time and the roles within the application are static.

What is the best way to manage user roles at runtime in a Java EE (6) environment?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

The declarative security in Java EE is indeed no suited for such requirements. The problem of security can be split in two:

  • authentication
  • authorization

I had similar requirement once. We used the built-in authentication to have the principal set and relied then on the default Java EE login mechanisms. But we ended up managing the authorization part manually at the applicative-level.

Indeed, even the roles that will be loaded and associated with the principal (isUserInRole for the web and isCallerInRole for the EJB) need to be specified in web.xml or ejb.xml which doesn't provide enough flexibility. We had then to load the roles manually (according to the principal) from LDAP or ActiveDirectory. We then used EJB3 interceptors and Servlet filter to perform the security checks ourselves.

I would however strongly suggest to stick to a Role-based access control (RBAC) and not implement something more fancy. There are several frameworks that can help to deal with home-made RBAC.

We also had a look at JSecurity and Acegi Security and they seemed interesting.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...