Mar 7th, 2007, 03:44 PM
abstract role binding
I've got Acegi 1.0.3 set up for a web application I'm deploying to Tomcat 5.5.20. I've been accustomed to using WebSphere 5.0.
I basically need to define abstract roles and then bind each to one or more LDAP groups.
ROLE_ADMIN = O.IT.DEV, O.MY.GROUP
ROLE_USER = O.USERS.FOO, O.USERS.BAR, etc.
Mar 8th, 2007, 12:21 PM
Could you explain a little more about what you are trying to do here?
Mar 8th, 2007, 02:31 PM
I want to define access to controls and pages in my application based on abstract roles (not LDAP groups).
Our LDAP groups are named like:
Take two abstract roles:
More than one LDAP group (runtime LDAP group) may make up users in the admin role (abstract role).
ADMIN_ROLE = O.IT.DEV, O.MY.GROUP
USER_ROLE = O.USERS.FOO, O.USERS.BAR
My security constraints would be tied to abstract roles. Who wants to hard-code LDAP group names in their code? I don't want to embed LDAP group names in my applicationContext-acegi.xml because they are subject to change.
Further research suggests modifying/extending DefaultLdapAuthoritiesPopulator to allow resolving membership in my abstract roles by checking to see which LDAP groups this user belongs to and which abstract roles are applicable.
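The group-to-role resolution described in the last post, as an added example that is not part of the original thread and not Acegi's own code: `AbstractRoleResolver` is a hypothetical, framework-independent class that a custom authorities populator could call with the group names returned by the LDAP search. It assumes the binding format shown in the posts and that group names compare case-insensitively.

```java
import java.util.*;

/** Hypothetical helper: resolves abstract roles from LDAP group names. */
public class AbstractRoleResolver {
    // LDAP group name (lower-cased) -> abstract roles it grants
    private final Map<String, Set<String>> rolesByGroup = new HashMap<>();

    /** Parses lines of the form "ROLE_ADMIN = O.IT.DEV, O.MY.GROUP". */
    public AbstractRoleResolver(List<String> mappingLines) {
        for (String line : mappingLines) {
            String trimmed = line.trim();
            if (trimmed.isEmpty() || trimmed.startsWith("#")) continue;
            int eq = trimmed.indexOf('=');
            if (eq <= 0) {
                // Fail at startup rather than silently dropping a binding
                throw new IllegalArgumentException("Malformed role binding: " + line);
            }
            String role = trimmed.substring(0, eq).trim();
            for (String group : trimmed.substring(eq + 1).split(",")) {
                // Assumption: group names are matched case-insensitively
                String key = group.trim().toLowerCase(Locale.ROOT);
                if (key.isEmpty()) continue;
                rolesByGroup.computeIfAbsent(key, k -> new TreeSet<>()).add(role);
            }
        }
    }

    /** Returns the abstract roles for a user's LDAP groups; unmapped groups grant nothing. */
    public Set<String> resolve(Collection<String> ldapGroups) {
        Set<String> roles = new TreeSet<>();
        for (String group : ldapGroups) {
            Set<String> granted = rolesByGroup.get(group.trim().toLowerCase(Locale.ROOT));
            if (granted != null) roles.addAll(granted);
        }
        return roles;
    }

    public static void main(String[] args) {
        // Bindings copied from the post; keep them in a file outside the application context
        AbstractRoleResolver resolver = new AbstractRoleResolver(Arrays.asList(
            "ROLE_ADMIN = O.IT.DEV, O.MY.GROUP",
            "ROLE_USER = O.USERS.FOO, O.USERS.BAR"));
        // Constructed sample memberships, as an LDAP group search might return them
        System.out.println(resolver.resolve(Arrays.asList("o.it.dev", "O.USERS.BAR")));
        System.out.println(resolver.resolve(Arrays.asList("O.OTHER.TEAM")));
    }
}
```

Because only groups listed in a binding yield a role, a renamed or newly created LDAP group grants no access until the mapping is updated.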