Sam wrote:
> I have an idea for a simple security architecture and would like to
> implement it within the java.security package but I am very 
> by the framework.
that's normal. ;-)
> What I want to do is assign a user to a role (or multiple roles). A
> role would consist of a list of Capabilities (are these Permissions?)
> a user may have. For example, imagine I have one Capability
> (Permission) in my system called People. The role of User may have
> level 1 which is read-only. The role of Administrator may have level
> 2 which is read/write/add. The role of SuperUser may have level 3
> (read/write/add/delete). In reality, there would be many Capabilities
> (Permissions), each with a value of 0 (can't see) to 3
> (read/write/add/delete). These capabilities are used throughout my JSP
> pages to give the correct access to certain things (Should I show the
> delete button for example). I create Roles with the correct levels of
> capabilities (permissions). I assign a user to one or more Roles.
> All this information is stored in my database in various tables.
>
> Is what I am calling a capability a Permission?
it can be implemented as such.
>
> Can I use the concept of levels (integers) for a single Permission?
each permission class has a set of names (values), which are strings.
you don't need integers but can use the implies() method. so in your
case delete implies add, etc.
role based access can be implemented using the classes in the
java.security.acl package. define a role as a group that holds people
(principals) who currently play that role. unfortunately, the
acl-package only contains interfaces, so you will have to implement
everything yourself. maybe you write your own easier api for your purpose.
JK
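
The implies() suggestion in the reply above, as an added example that is not code from this thread. The class name `PeoplePermission`, the ordering of the four actions, and the sample roles are assumptions made for illustration. It extends `java.security.Permission` directly so that a `Permissions` collection calls the custom implies() for each entry.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.List;

// Hypothetical permission class for the "People" capability in the question.
final class PeoplePermission extends Permission {
    // Assumed ordering, weakest to strongest; each action implies all earlier ones.
    private static final List<String> ACTIONS = List.of("read", "write", "add", "delete");
    private final int rank;

    PeoplePermission(String action) {
        super("People");
        rank = ACTIONS.indexOf(action);
        if (rank < 0) throw new IllegalArgumentException("unknown action: " + action);
    }

    @Override public boolean implies(Permission p) {
        // Fail closed: only a PeoplePermission of equal or lower rank is implied.
        return p instanceof PeoplePermission && ((PeoplePermission) p).rank <= rank;
    }
    @Override public String getActions() { return ACTIONS.get(rank); }
    @Override public boolean equals(Object o) {
        return o instanceof PeoplePermission && ((PeoplePermission) o).rank == rank;
    }
    @Override public int hashCode() { return 31 * getName().hashCode() + rank; }
}

public class RoleDemo {
    public static void main(String[] args) {
        // Constructed sample roles; in the question these rows come from the database.
        Permissions user = new Permissions();
        user.add(new PeoplePermission("read"));
        Permissions superUser = new Permissions();
        superUser.add(new PeoplePermission("delete"));

        // A role grants a request if any permission it holds implies the request.
        Permission delete = new PeoplePermission("delete");
        System.out.println("User may delete: " + user.implies(delete));
        System.out.println("SuperUser may delete: " + superUser.implies(delete));
        System.out.println("SuperUser may read: "
                + superUser.implies(new PeoplePermission("read")));
    }
}
```

A JSP page that hides the delete button should make the same implies() check again on the server when the delete request arrives, since hiding a control does not stop the request from being sent.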