
Thread: abstract role binding

  1. #1

    abstract role binding

    I've got Acegi 1.0.3 set up for a web application I'm deploying to Tomcat 5.5.20. I've been accustomed to using WebSphere 5.0.

    I basically need to define abstract roles and then bind them to one or more LDAP groups.

    ROLE_ADMIN = O.IT.DEV, O.MY.GROUP
    ROLE_USER = O.USERS.FOO, O.USERS.BAR, etc.

    Any suggestions?

  2. #2

    Could you explain a little more about what you are trying to do here?

  3. #3


    I want to define access to controls and pages in my application based on abstract roles (not LDAP groups).

    Our LDAP groups are named like:

    O.IT.DEV
    O.MY.GROUP
    O.USERS.FOO
    O.USERS.BAR
    etc.

    Take two abstract roles:
    ADMIN_ROLE
    USER_ROLE

    More than one LDAP group (runtime LDAP group) may make up the users in the admin role (abstract role).

    ADMIN_ROLE = O.IT.DEV, O.MY.GROUP
    USER_ROLE = O.USERS.FOO, O.USERS.BAR

    My security constraints would be tied to abstract roles. Who wants to hard-code LDAP group names in their code? I don't want to embed LDAP group names in my applicationContext-acegi.xml because they are subject to change.

    Further research suggests modifying or extending DefaultLdapAuthoritiesPopulator to allow resolving membership in my abstract roles by checking to see which LDAP groups this user belongs to and which abstract roles are applicable.
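
One way to implement the binding described in post #3, as an added example that is not part of the thread or of Acegi: a hypothetical `AbstractRoleBinding` class loads the role-to-group bindings from an external properties source and resolves a user's LDAP groups to abstract roles. It assumes group names compare case-insensitively and leaves out the Acegi wiring (calling `resolve` from a custom authorities populator); the sample bindings are the ones from post #1.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

/** Hypothetical helper (not an Acegi class): resolves abstract roles from LDAP group names. */
public class AbstractRoleBinding {
    // LDAP group name (normalized) -> abstract roles that membership in it grants
    private final Map<String, Set<String>> rolesByGroup = new HashMap<String, Set<String>>();

    /** Each property reads "ABSTRACT_ROLE = group1, group2", the notation used in the thread. */
    public AbstractRoleBinding(Properties bindings) {
        for (String role : bindings.stringPropertyNames()) {
            for (String group : bindings.getProperty(role).split(",")) {
                String key = normalize(group);
                if (key.length() == 0) continue; // tolerate trailing or doubled commas
                Set<String> roles = rolesByGroup.get(key);
                if (roles == null) {
                    roles = new TreeSet<String>();
                    rolesByGroup.put(key, roles);
                }
                roles.add(role.trim());
            }
        }
    }

    /** Default deny: a group with no binding contributes no role. */
    public Set<String> resolve(Collection<String> ldapGroups) {
        Set<String> granted = new TreeSet<String>();
        for (String group : ldapGroups) {
            Set<String> roles = rolesByGroup.get(normalize(group));
            if (roles != null) granted.addAll(roles);
        }
        return granted;
    }

    // Assumption: the directory treats group names as case-insensitive
    private static String normalize(String group) {
        return group.trim().toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: bindings from post #1, group memberships invented for the demo
        Properties p = new Properties();
        p.load(new StringReader(
            "ROLE_ADMIN = O.IT.DEV, O.MY.GROUP\n" +
            "ROLE_USER = O.USERS.FOO, O.USERS.BAR\n"));
        System.out.println(new AbstractRoleBinding(p)
            .resolve(Arrays.asList("o.it.dev", "O.USERS.BAR", "O.OTHER")));
    }
}
```

Keeping the bindings in a file outside the application context means a renamed LDAP group changes one line of configuration, and an unmapped or misspelled group name results in no access rather than an unintended role.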
