Dynamic role definition
jGuard provides a mechanism that allows to automatically __ enable or disable a role based on user credentials. This feature is defined in the attribute __“definition” of “principalRef” tag. This attribute must evaluate “true” or “false”. For example, we could have in jGuardUsersPrincipals.xml the following:<user>
<privateCredentials>
<credential>
<id>login</id>
<value>userA</value>
</credential>
<credential>
<id>password</id>
<value>userA</value>
</credential>
</privateCredentials>
<publicCredentials>
<credential>
<id>firstname</id>
<value>Rick</value>
</credential>
<credential>
<id>lastname</id>
<value>Dangerous</value>
</credential>
<credential>
<id>loggedProject</id>
<value>ProjectA</value>
</credential>
</publicCredentials>
<principalsRef>
<principalRef name="role1" applicationName="jGuardExample" definition="${subject.publicCredentials.loggedProject.contains('ProjectA')}" active="true"/>
<principalRef name="role2" applicationName="jGuardExample" definition="${subject.publicCredentials.loggedProject.contains('ProjectB')}" active="true"/>
</principalsRef>
</user>(subject.publicCredentials.loggedProject.contains('ProjectA') || subject.publicCredentials.loggedProject.contains('ProjectB')) && subject.privateCredentials.login.contains('userA')Syntax
jguard uses the jakarta commons JEXL project expression library to provide expressiveness on contextual variables. this project has got a syntax page: http://jakarta.apache.org/commons/jexl/reference/syntax.htmlHow to get/set role definition by code
You can get role definition using:RolePrincipal ppal = (RolePrincipal)AuthenticationManagerFactory.getAuthenticationManager().getRole(subject, role, applicationName);
String roleDefinition = ppal.getDefinition();AuthenticationManagerFactory.getAuthenticationManager().updateRoleDefinition(subject, roleName, applicationName, roleDefinition);
Version 1.3 last modified by Charles Gay on 29/12/2006 at 01:07
Document data
Attachments:
No attachments for this document
Comments: 0