geronimo-user mailing list archives

From "Christian Svensson" <b...@cmd.nu>
Subject Dynamic security w/ highest integration level possible towards Geronimo
Date Mon, 15 Dec 2008 11:32:54 GMT
Hello.

I'm quite new in the "Programming towards J2EE" business so bear with me if
I missed some basic point.
(Or if this mail on this mailing list is totally off topic)

I'm developing an application that will serve as a web-based file storage
archive.
Customers will receive login credentials and be able to access projects that
they have been assigned (read: groups).
There must also be an anonymous "mode" where projects that have an anonymous
flag will be shown and allowed access.

What I'm looking to construct is something like this:

User requests servlet at /access/test/. Parsing is done and a question is
popped to a database looking for the project "test".
Test is found and is anonymous. File listing is shown.

User requests servlet at /access/secret1/. Parsing is done and a question is
popped to a database looking for the project "secret1".
Secret1 is found but is not anonymous - user is redirected to a FORM-login.
User logs in and file listing is shown.

User requests servlet at /access/secret2/. Parsing is done and a question is
popped to a database looking for the project "secret2".
Secret2 is found but is not anonymous and not assigned to User1 - user is
redirected to an Access Denied-page.

I'm aware that it's possible to add security constraints to every single
/access/secret1, /access/secret2, /access/secret3 and so on, but that is no
fun.
Also, I would need to add a role for each project.

Basically what I want is some sort of dynamic role and security constraint
injection.
From what I've understood, this is commonly solved using a filter - but when I
look at the existing functionality it comes annoyingly close to what I need.
Although, if a filter is the J2EE way to solve this it brings me to my next
question: How do I manually test logins to the application's security realm?

Greetings,

-- 
Christian Svensson
Command Systems
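
The three request flows described in the message above, sketched as one authorization decision (an added example, not part of the original message and not Geronimo code). The class, the in-memory project map and the user names are hypothetical stand-ins for the database lookup; a servlet filter would pass in the request path and the value of `request.getRemoteUser()`.

```java
import java.util.*;

public class ProjectAccessCheck {
    enum Decision { ALLOW, LOGIN, DENY, NOT_FOUND }

    // Hypothetical project record; in the application this comes from the database.
    static final class Project {
        final boolean anonymous;
        final Set<String> members;
        Project(boolean anonymous, String... members) {
            this.anonymous = anonymous;
            this.members = new HashSet<>(Arrays.asList(members));
        }
    }

    // Constructed sample data standing in for the project table.
    static final Map<String, Project> PROJECTS = new HashMap<>();
    static {
        PROJECTS.put("test", new Project(true));
        PROJECTS.put("secret1", new Project(false, "user1"));
        PROJECTS.put("secret2", new Project(false, "user2"));
    }

    // Extracts the project name from /access/<name>/...; null if malformed.
    static String projectName(String path) {
        if (path == null || !path.startsWith("/access/")) return null;
        String rest = path.substring("/access/".length());
        int slash = rest.indexOf('/');
        String name = slash < 0 ? rest : rest.substring(0, slash);
        // Allow-list the characters so "..", empty names and odd encodings never reach the lookup.
        return name.matches("[A-Za-z0-9_-]{1,64}") ? name : null;
    }

    // user is null for an unauthenticated request.
    static Decision decide(String path, String user) {
        String name = projectName(path);
        Project p = (name == null) ? null : PROJECTS.get(name);
        if (p == null) return Decision.NOT_FOUND;
        if (p.anonymous) return Decision.ALLOW;        // anonymous flag set: show listing
        if (user == null) return Decision.LOGIN;       // not anonymous: send to the login form
        return p.members.contains(user) ? Decision.ALLOW : Decision.DENY;
    }

    public static void main(String[] args) {
        String[][] requests = { {"/access/test/", null}, {"/access/secret1/", null},
            {"/access/secret1/", "user1"}, {"/access/secret2/", "user1"}, {"/access/../x/", "user1"} };
        for (String[] r : requests) System.out.println(r[0] + " as " + r[1] + " -> " + decide(r[0], r[1]));
    }
}
```

Keeping the decision in one place means membership is re-checked on every request rather than only at login, so a revoked project assignment takes effect immediately.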
