1 Reply Latest reply: Dec 20, 2011 9:38 AM by 376398 RSS

    Java ee 6 security authorization

      Good day,
      I'm developing a web application in java ee 6 using JSF and EJB. I authenticate against LDAP server and now I need to implement an authorization. Roles will be created dynamically ("ROLE_ADMIN_SECTION_34567876543"). I haven't found a solution for dynamic control of roles for java ee. Therefore I hope that someone here will help.
      I'm interested in something, that works like AccessDecisionManager in Spring Security (Acegi security), but I would like to use J EE without Spring security. The code from Spring looks like this:
      private UUID authorizeAdminAccess(UUID adUuid) {
                Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                UUID adOwnerUUID = adDAO.getAdLessorSiteUUID(adUuid);
                accessDecisionManager.decide(authentication, null,
                          Arrays.asList((ConfigAttribute) new SecurityConfig(SecurityUserService.ROLE_LESSOR_SITE_ADMIN + adOwnerUUID)));
                return adOwnerUUID;

      Thank you!