jsf - Dynamic Authentication and Authorization Mechanism -


i developing web application consisting of different domains. have tried implement hierarchical rbac authorization. each domain has predefined operations in bo implementations. following bo package hierarchy.

com.mycompany.bo
...domain1
...domain2
.
...domainn
...rbac

i predefine following role hierachy @ first deployment, don't want maintain rbac operations after first deployment, mean domain rbac operations should self maintainable domain admins.

                root domain1admin domain2admin .. domainnadmin 

the root role can authorize on operations under bo implementations , each domain admin can authorize on own operations , rbac operations create user, edit user, create role etc also.
finally, have developed ui part of project abiding facelet facilities, include tag can distinguish ui fragments of page. result, can render ui fragment respect whether the user authorized view fragment or not. any suggestion authorization design of system helpful.

now, came authentication part of project. in system user not authenticate on internally should authenticate on external system via web service or ldap, since user may have been created in there.

spring framework provides facilities authentication via ldap(statically configurable in xml). in case, want add remove edit new ldap definitions in runtime , can change user authentication method(may selecting new ldap combobox). how can dynamically add new ldap definitions in spring, shall continue spring security or implement feature own own?


Comments