• Type: New Feature New Feature
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      We already support the concept of roles and permissions. The framework should also support the concept of 'groups' as well, but we need to clearly define what we mean by group.

      Although simplified, I define them as the following:

      Permission - an atomic representation of ability to perform some action on a given target. A permission has nothing to do with a user - e.g. open a file, access a menu, etc.
      Role - a named collection of permissions. A user "gains" permissions implicitly by having roles (which contain permissions).
      Group - an tertiary association construct - A group has 1 collection of users and 1 collection of roles. That is, I view a group as a convenience mechanism - a user has the group's roles by implicit association - i.e. a user is in 1 or more groups, and each group has one or more roles, therefore by transitive association, a user has these roles (which in turn have permissions).

      The good thing about JSecurity is that, even if other people's definitions of these constructs differ, JSecurity doesn't require the above definitions to be true - that is up to the application. It only provides methods for hasPermission/checkPermission, hasRole/checkRole, and with this task being complete, hasGroup/checkGroup. The underlying Realm implementation actually interprets what those calls mean, so application-specific Realms still have the final say as to what those calls actually do.

      Upon adding hasGroup/checkGroup implementations, supporting framework needs to be implemented as well (e.g. tag libs)


        Niclas Hedhman made changes -
        Project Ki [ 12310890 ] Shiro [ 12310950 ]
        Key KI-20 SHIRO-28
        Component/s Authorization (access control) [ 12312673 ]
        Component/s Specification API [ 12312684 ]
        Fix Version/s 1.0 [ 12313690 ]
        Alan Cabrera made changes -
        Component/s Authorization (access control) [ 12312673 ]
        Component/s Specification API [ 12312684 ]
        Alan Cabrera made changes -
        Fix Version/s 1.0 [ 12313690 ]
        Alan Cabrera made changes -
        Component/s Specification API [ 12312423 ]
        Fix Version/s 1.0 [ 12313312 ]
        Project JSecurity [ 12310812 ] Ki [ 12310890 ]
        Key JSEC-1 KI-20
        Component/s Authorization (access control) [ 12312403 ]
        Jeremy Haile made changes -
        Field Original Value New Value
        Fix Version/s 1.0 [ 12313312 ]
        Alan Cabrera created issue -


          • Assignee:
            Les Hazlewood
            Alan Cabrera
          • Votes:
            0 Vote for this issue
            0 Start watching this issue


            • Created: