Urgent : Authentication & Authorization

 
Ranch Hand
Posts: 33
We have a typical authorization requirement as below.
1. A user can have a role for a specific company.
2. A user can have many roles for a specific company.
3. A user can have different roles specific to different companies. It means a user can have a few roles for a Company (let's say ABC Inc.) and can have a few roles (same or different) for some other Company (let's say XYZ Inc.)
The user's access level changes for each request depending on the role and the company (the company which exists at that point).
Please help in suggesting the authorization framework I can use for such a requirement.
Can Oracle SSO/Siteminder help in implementing the above requirement?
Or should we use the Database approach?
Please help me.
Thanks in advance.
 
author
Posts: 3252
It seems to me that any role-based authorization framework should be able to handle this -- of course your Role objects would in fact represent role/company combinations.
- Peter
 
Viral Thakkar
Ranch Hand
Posts: 33
If I associate the Company to the Role as per your suggestion, then I need to have the same Role for each company. This does not seem feasible. Am I right?
Example,
Role Name: Project Leader
Now if we associate the Role with the company, then we need to have Role names as
1. Project Leader-ABC Inc.
2. Project Leader-XYZ Inc.
In future, for a new company we need to create a new role also and need to associate it with users also. This is not the right solution.
I think you got my point, what I meant to say.
 
Greenhorn
Posts: 18
What you can do is:
1) Create a role (which is nothing but a club of privileges); each role specifies the access to resources at various levels. Name the roles, e.g. project-leader, Developer etc.
2) You can reuse the above created role and assign it to various entities.
3) Unlimited combinations of privileges could be used to create new roles.
The JAAS framework provides support for role-based Authentication/Authorization.
Check out these useful links:
JAAS. Start with the tutorials, then the Reference Guide and perhaps the white paper.
The Java Developers Almanac has a little bit of sample code too.
regards
Ashish Uniyal
SCJP2
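
The following is an added example, not code from any poster in this thread: a sketch of the "database approach" in which roles are defined once and the company is stored on the user-role assignment, so no per-company role names are needed. All class, method, user and privilege names are hypothetical, the sample data is constructed, and it assumes Java 16 or later for records.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added example; every name here is hypothetical and not part of JAAS or any product.
public class CompanyScopedRbac {
    // A role is defined once as a named set of privileges, independent of any company.
    record Role(String name, Set<String> privileges) {}
    // The stored fact is the triple (user, role, company), e.g. one row in a join table.
    record Assignment(String user, String roleName, String company) {}

    private final Map<String, Role> roles = new HashMap<>();
    private final Set<Assignment> assignments = new HashSet<>();

    void defineRole(String name, String... privileges) {
        roles.put(name, new Role(name, Set.of(privileges)));
    }

    void assign(String user, String roleName, String company) {
        // Reject assignments to undefined roles so lookups below never return null.
        if (!roles.containsKey(roleName)) {
            throw new IllegalArgumentException("unknown role: " + roleName);
        }
        assignments.add(new Assignment(user, roleName, company));
    }

    // Deny by default: allowed only if a role held for THIS company grants the privilege.
    // The company comes from the current request, so the answer can differ per request.
    boolean isAllowed(String user, String company, String privilege) {
        if (user == null || company == null || privilege == null) return false;
        return assignments.stream()
                .filter(a -> a.user().equals(user) && a.company().equals(company))
                .map(a -> roles.get(a.roleName()))
                .anyMatch(r -> r.privileges().contains(privilege));
    }

    public static void main(String[] args) {
        CompanyScopedRbac rbac = new CompanyScopedRbac();
        rbac.defineRole("project-leader", "project.read", "project.approve");
        rbac.defineRole("developer", "project.read");
        // Constructed sample data: same user, different roles at two companies.
        rbac.assign("alice", "project-leader", "ABC Inc.");
        rbac.assign("alice", "developer", "XYZ Inc.");
        System.out.println(rbac.isAllowed("alice", "ABC Inc.", "project.approve"));
        System.out.println(rbac.isAllowed("alice", "XYZ Inc.", "project.approve"));
        System.out.println(rbac.isAllowed("alice", "DEF Inc.", "project.read"));
    }
}
```

Adding a new company needs only new assignment rows; the role definitions stay unchanged, and a user with no assignment for the requested company is denied.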