directory-fortress mailing list archives

From Chris Pike <clp...@psu.edu>
Subject Re: All or Anonymous User Roles
Date Tue, 08 Dec 2015 17:53:43 GMT
Here's the example I'm thinking about... if the permission check on my method is "alert.status.view",
I can create a role with that permission and add users into the role. Later on if I want all
authenticated users to have that permission, I would have to add all 40k users (and new users
as they come into the system) into the role. Even later on if I want anyone, even anonymous
users to have access to the method, I would have to do a code change and remove the permission
check from my method.


----- Original Message -----
From: "Shawn McKinney" <smckinney@apache.org>
To: fortress@directory.apache.org
Sent: Tuesday, December 8, 2015 11:41:41 AM
Subject: Re: All or Anonymous User Roles

> On Dec 8, 2015, at 9:26 AM, Chris Pike <clp207@psu.edu> wrote:
> 
> Currently, our clients use the fortress API to lookup roles and permissions for the already
> authenticated user. So being authenticated or anonymous is determined by the client and is
> an input to the fortress API.
> 

Agreed the client knows if it is authenticated or not but still confused on what you’re
seeking.  Are you asking to assign a particular role to a user based on the client’s understanding
of the same user's bind status?  Sort of like a ‘default’ role that all users have if
they are either anonymous or bound connection to ldap?

Shawn
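
The 'default' role idea raised in this thread, sketched as an added example that is not part of either message and is not Apache Fortress code. The `Session` and `Policy` classes and the role names `everyone`, `authenticated` and `alert_viewer` are hypothetical; only the permission name "alert.status.view" comes from the thread.

```python
# Added illustration, not Apache Fortress code. All class and role names are hypothetical.
from dataclasses import dataclass, field
from typing import Optional

EVERYONE = "everyone"            # implicit for every caller, anonymous included
AUTHENTICATED = "authenticated"  # implicit for every caller the client authenticated


@dataclass(frozen=True)
class Session:
    # user_id is None for an anonymous caller. As in the thread, the client decides
    # this and passes it in, so the implicit roles are only as trustworthy as the client.
    user_id: Optional[str]
    assigned_roles: frozenset = frozenset()  # roles explicitly assigned to the user

    def effective_roles(self) -> set:
        roles = {EVERYONE} | set(self.assigned_roles)
        if self.user_id is not None:
            roles.add(AUTHENTICATED)
        return roles


@dataclass
class Policy:
    grants: dict = field(default_factory=dict)  # permission name -> set of role names

    def grant(self, permission: str, role: str) -> None:
        self.grants.setdefault(permission, set()).add(role)

    def check_access(self, session: Session, permission: str) -> bool:
        # Deny by default: a permission with no grants matches no role.
        return bool(self.grants.get(permission, set()) & session.effective_roles())


def demo() -> list:
    """Widen access in three policy steps while the method's check stays unchanged."""
    perm = "alert.status.view"
    policy = Policy()
    sessions = (
        Session(None),                                # anonymous
        Session("user1"),                             # authenticated, no assigned role
        Session("user2", frozenset({"alert_viewer"})),  # explicitly assigned
    )
    results = []
    for role in ("alert_viewer", AUTHENTICATED, EVERYONE):
        policy.grant(perm, role)  # a data change, not a code change
        results.append([policy.check_access(s, perm) for s in sessions])
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Each row of `demo()` is the result for the anonymous, authenticated and explicitly assigned session after one more grant, so neither the 40k-user bulk assignment nor the removal of the check from the method is needed in this model.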
