18 January 2011

Role-based security in RAP

Been struggling this afternoon with role-dependent actions. I want to disable some actions unless the current user has the 'admin' role.

Found this document http://ftp.bredex.de/rcp-auth/RCP_Authorization.pdf which looks interesting. There is also a FAQ on the RAP site which covers this topic but I couldn't get it to work as I expected. The downloadable demo didn't function either :-(

More info found here https://bugs.eclipse.org/bugs/show_bug.cgi?id=71857
You could try using the activities mechanism for this.

You would:
- define separate activities corresponding to the different access levels
- define your actions in regular action sets, grouped according to access level
- associate each activity with the appropriate action sets via
activityPatternBinding elements
- set the enabled activity ids after authentication, early in the workbench
lifecycle, e.g. from your WorkbenchAdvisor's preStartup() method.

You may want to define dependencies between access levels (e.g. level A includes
level B) using the activityRequirementBinding element.

Note that this mechanism also supports dynamic changes to the set of enabled

An article from IBM http://www.ibm.com/developerworks/opensource/library/os-ecl-rcpsec/index.html

RAP Wiki http://wiki.eclipse.org/RAP/Equinox_Security_Integration

No comments:

Post a Comment