How to integrate User permissions in Ldap

My target is to assign permissions to users. For example:

User "John" belongs to role ROLE_CUSTOMERS and has the permissions 'READ_MAILS', 'ADD_MAILS'.

User "David" belongs to role ROLE_USERS and has the permission 'DELETE_MAILS'.

I managed to map users and roles to the LDAP directory. Users -> John, David; Groups -> ROLE_CUSTOMERS, ROLE_USERS

But I am missing the permissions part.

I don't know how to declare the 'READ_MAILS', 'DELETE_MAILS', 'ADD_MAILS' attributes/permissions/tasks, or however you call them.

  1. How do I assign each permission to a user on the LDAP side?

  2. How will I be able to retrieve those permissions on the Spring Security side before letting a specific user do some operation?

*I am not sure the requirement I am looking for is called 'permission'; please correct me if I am wrong.

thanks, ray.

rayman asked Jan 26 '26 11:01

1 Answer

What you are looking for is fine-grained permissions / entitlements. Those are not typically stored in LDAP but rather in another solution e.g. an authorization service.

With respect to Spring Security, this article may help. Also consider the Spring API documentation on permissions.

I would recommend you consider a standards-based approach using XACML, the eXtensible Access Control Markup Language. With XACML you use roles that come from LDAP and then you write rules, e.g. a manager can edit accounts that are in the same region as the user. Check out XACML either at the OASIS website or on Wikipedia for some more information.

David Brossard answered Jan 28 '26 23:01
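One concrete way to apply the answer's advice in Spring Security, as an added example that is not part of the original answer or of any project's code: group membership stays in LDAP and yields ROLE_* authorities, while the role-to-permission table lives in the application and is applied through a `GrantedAuthoritiesMapper`, so the directory never has to carry 'READ_MAILS'-style entries. The role and permission names are the ones from the question; the mapping table, the `ou=people`/`ou=groups` search bases, the user DN pattern and the `MailService` class are assumptions chosen for illustration.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.stereotype.Service;

// Added example: translates LDAP-derived roles into application permissions.
// The mapping table is an assumption; only the names come from the question.
class RolePermissionMapper implements GrantedAuthoritiesMapper {

    // Owned by the application, not the directory: changing a role's
    // permissions is a code/config change, not an LDAP schema change.
    private static final Map<String, List<String>> PERMISSIONS_BY_ROLE = Map.of(
            "ROLE_CUSTOMERS", List.of("READ_MAILS", "ADD_MAILS"),
            "ROLE_USERS", List.of("DELETE_MAILS"));

    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(
            Collection<? extends GrantedAuthority> authorities) {
        // Keep the roles themselves so hasRole(...) checks still work,
        // then add every permission granted by each role.
        Set<GrantedAuthority> mapped = new HashSet<>(authorities);
        for (GrantedAuthority role : authorities) {
            for (String permission : PERMISSIONS_BY_ROLE.getOrDefault(role.getAuthority(), List.of())) {
                mapped.add(new SimpleGrantedAuthority(permission));
            }
        }
        return mapped;
    }
}

@Configuration
@EnableMethodSecurity
class LdapSecurityConfig {

    @Bean
    LdapAuthenticationProvider ldapAuthenticationProvider(BaseLdapPathContextSource contextSource) {
        // Bind as the user to verify the password (assumed DN layout).
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });

        // Resolve group membership under ou=groups; the populator turns
        // a group named "customers" into the authority ROLE_CUSTOMERS.
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups");

        LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator, populator);
        // Expand roles into permissions before the Authentication is stored.
        provider.setAuthoritiesMapper(new RolePermissionMapper());
        return provider;
    }
}

// Hypothetical service: the check names the permission, not the role,
// so the role-to-permission table can change without touching call sites.
@Service
class MailService {

    @PreAuthorize("hasAuthority('DELETE_MAILS')")
    public void deleteMail(long mailId) {
        // Only reached for users whose LDAP groups map to DELETE_MAILS
        // (David in the question's example, but not John).
    }

    @PreAuthorize("hasAuthority('READ_MAILS')")
    public String readMail(long mailId) {
        return "mail " + mailId;
    }
}
```

With this wiring, John's group membership produces ROLE_CUSTOMERS in LDAP, the mapper adds READ_MAILS and ADD_MAILS, and a call to `deleteMail` is rejected with an `AccessDeniedException` before the method body runs. Where rules depend on attributes of the resource as well (the answer's "same region as the user" example), a static table is no longer enough and an external policy decision point such as an XACML PDP is the natural next step.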