How do you implement fine-grained access control? For a project I need to implement a fine-grained access control. My idea is to let a JDBC-Realm handle the login and to implement the fine-grained access-control where the role may vary for the specific users and the pages they look at.
This I would implement in RequestProcessor.processActionPerform(...) where I check the users role for the specific page and based on that get the respons taylored for that role and check whether they may do what they intend. Example: Some users may edit a page. Who that may edit the page varies over time. The users role on the page is set per page. As far as I understand Realm only checks whether the user may use a specific method (action). No finegrained access-control is possible. I'm surely not the first to do something like this. So please enlighten me with ideas on how you'd implement this. Morten Andersen Denmark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
