Spring Security / Java EE solutions for hierarchy tree roles -

Spring Security / Java EE solutions for hierarchy tree roles -

January 15, 2010

I know spring security is good for standard roles and permission based authorization. I'm not sure this is the scenario:

The system has managed 10,000 employees, employees have organized into an organization chart (a tree which reports in all departments). Some of these employees are users. These users are allowed to enter their responsibility of employees (branches in their tree / descendants of their staff) only.

So I wonder how modern Java EE (or other) systems manage these checks? Can Spring Security (ACL) do this and how can it be prepared?

Our old implementation (many years ago) occurs when a user reaches an employee. We can check whether the requested staff will have a tree again. But this is not the ideal solution and we want to use a new solution.

As I have done working on this subject for a month now, Can answer, though there may be a better answer.
There is something in the role of hierarchy in the spring security and if you use ROLE_A & gt; ROLE_B then the ROLE_A will have all the authorizations which are ROLE_B.
So here are two options:

1 There is a couple of roles for every user and his descendants. For user ROLE_USERi and its descendants ROLE_USERiDESC you have ROLE_USERi & gt; ROLE_USERiDESC
But (as you do not know your organ chart) it can be insufficient because many of these can be added! If your tree has two or three levels (ROLE_USER is one of the two or more offspring) it is anyway suitable, because this role is high, more officers will have it.

2. In my project (which is so similar to the accident) I made another alternative. I have some basic roles for some basic tasks and I have a "care group" in which a carer can see his descendants Could.
Why should I do this? Because I have roles for some actions (such as edit, delete, some sensitive data and ...) and to observe the carers' groups.
If AB is a carer, then he can see B's data, but A can not do anything with its officials.

BTW, it has not been thoroughly tested yet and you can come to another potential solution.

Also view:

Comments

Post a Comment

Popular Posts

apache - How to do an URL rewrite that works with a pre-existing .htaccess file? -

I have a platform that is currently available through the URL: Www.websitecom / index.php? App = forum Instead, I want people to be able to go here: & lt; Ifmodule mod_rewrite.c & gt; Option - Multi Views RewriteEngine RewriteBase / RewriteCond on% {REQUEST_FILENAME}! -f Rewrite Convert% {REQUEST_FILENAME}! -d rewriteable /index.php [L] & lt; / IfModule & gt; It seems that it should be possible, but I'm not sure how to do it. Thank you! This has not been tested, but something like that should be done. Add it before the first Rev.Directivity. RewriteRule ^ forum $ /index.php?app=forums Alternatively, you redirect from a 301 / forum to index.php URL . By doing this: 301 / redirect the forum "http://www.website.com/index.php?app = forum However, it seems that you want to make a proper rewrite, so the first option is better,

c# - EventSource's response has a MIME type ("text/html") that is not "text/event-stream" -

When I try to hook my controller to EventSource, it keeps saying: EventSource Response contains a MIME type ("text / html") that is not "text / event-stream" canceling connection. I have created the following class to help in handling a handle and preparing the reaction. In this class I believe that I set the text / event-stream according to the response. public class ServerSentEventResult: ActionResult {public representative string GetContent (); Public GetContent Content {get; Set; } Public int version {get; Set; } Public Override Zero ExecuteResult (Controller Context Reference) {if (context == null) {New argument NullException ("Reference"); } If (this. Content! = Null) {HTPRPPointbase response = reference. Hpptntx response; reaction. Contact type = "text / event-stream"; reaction. BufferOutput = false; reaction. Chargset = Faucet; String [] newStrings = context.HttpContext.Request.Headers.GetValues ("last-event-id"...

android - How to build apk without eclipse or Modify the apk building with a config file? -

I want to create an APK with some big configurations with an XML file. I want to know if there is any method which can control the APK's building process or encoding at our source, there is no way to create APK with our source from our source, with a slight variation based on our SQF XML file. . Or any other way to create an APK file When the app is running, I do not want to read my config file every time, I have to include a change in the application If you want to manually create your application: If you are developing in Eclipse, then the ADT plugin The enhanced project as you make changes to the source code. Eclipse automatically produces an .apk file in the project's bin folder, so you do not need to do anything extra to generate .apk. If you are developing in a non-eclipse environment, then you create your project with the Generated Build.xml Ant file in the project directory that creates ant file calls which automatically targets you for Call the buil...

Powered by Blogger