tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Quintin Beukes <quin...@last.za.net>
Subject Retrieving Group Principals
Date Sat, 14 Nov 2009 11:17:59 GMT
Hey,

I've got a bunch of @RolesAllowed annotations, which basically
reference the group principals of my users. They work perfectly.
Further I can also retrieve the subject name by accessing the
UserPrincipal through the EJBContext.

How can I retrieve all the group principal, or "Role Names". This is
available to OpenEJB, as it uses it to authorize my requests.

I can't read them from the database, as the role names in the database
are different from those used in OpenEJB. I'm using Geronimo role name
mappings for this. For example, my EJBs would be annotated with
@RolesAllowed({"Personnel Admin", "Personnel Read Access}), and then I
have in the database a role "Lamp Room Staff". This role would then be
mapped to a bunch of EJB roles, including "Personnel Read Access",
"Create Lamp", "Assign Lamp", etc.

For the server side it's fine to not have a list of the roles, as
OpenEJB takes care of it all, and where more complex authorization is
needed I just call ejbContext.isCallerInRole(...). Though my client
side front end also has authorization in it. This is mostly just to
show/hide actions allowed for a given user.

As a temporary fix I have a method "List getOperatorRoles()", which
takes a list of all roles and then iterates isCalledInRole, building a
list based on the result of this method. I can't continue doing this
though, as it increases maintenance and "breaks" modularity.

How can I retrieve a list of all roles? Even if it means I have to go
against the standard for this one thing, in which case I'll put it in
a utility class which validates it's environment and raise an error +
description when run in another server. This way when moving it I'll
remember to find another way of achieving the same. I don't think this
will happen anyway.

Quintin Beukes

Mime
View raw message