Authentication and dynamic permissions

1

I need to make a series of features available in a REST service, but the security is dynamic: that is, an administrator can change the permissions at will.

In my searches, I only find authentication schemes where permissions to resources are pre-established via the configuration file / roles, that is, a user must belong to a group (role) and this group has access to a list of resources. This does not work for me, since more groups can be created at any time with different permissions.

One way I thought of is to send the username / password with each request and decide whether the user is allowed at the time the method executes, but I believe there is a more sophisticated way to resolve this.

asked by anonymous 22.06.2016 / 16:40

1 answer

0

Nilson,

One of the ways I've solved this in a project: on each login through a mobile application, the authentication response returns, in addition to the security token, a Profile object. This Profile object is a list of actions. The list contains all the important and transactional actions the user can or cannot (explicitly) perform in the system. Doing it by groups is complicated because the authorization characteristics are often very "granular" (I mean: very detailed access to each function / option / screen / field).

When an action is modified (withdrawn or acquired) for that user, a PUSH arrives and I modify it in the application's profile. The profile stays in the application's memory at all times as a Singleton, in a single instance. Whenever I need it, I ask whether it can perform that operation and grant access or not / display the feature or not. This avoids having a timer doing polling (consuming bandwidth and server resources unnecessarily).

This is actually a method that is independent of the technology adopted. If you use Spring with Java, for example, you will have some facilities for controlling the transactions by route: create an interceptor to decide whether the resource can be accessed or not.

Ask any questions you may have and we will try to help you further.

22.06.2016 / 19:34
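The design in the answer above, as an added example that is not the answerer's code or any framework's API: a server-side permission store that an administrator edits at runtime, a login that returns an opaque token plus the Profile (explicit action list), an `authorize` call that a request interceptor would invoke on every protected endpoint, and a client-side singleton that is updated by push instead of polling. The store, token format, user `nilson`, the password and the action names (`order.create`, `report.export`) are all constructed for illustration. The point a practitioner should take from it: the server decides against the store's current contents at request time, so a revocation or a newly created action takes effect for an already-issued token immediately, and the client-side profile only drives what the UI shows or hides.

```python
# Added example (not from the original post): dynamic permissions decided per
# request. Store, token format, users and action names are all constructed.
import hashlib
import hmac
import secrets
from typing import Callable, Dict, FrozenSet, List, Optional, Set


class PermissionStore:
    """Admin-editable user -> actions mapping. Each change notifies subscribers,
    which stands in for the PUSH to the mobile app (no polling timer needed)."""

    def __init__(self) -> None:
        self._actions: Dict[str, Set[str]] = {}
        self._subscribers: List[Callable[[str, FrozenSet[str]], None]] = []

    def subscribe(self, callback: Callable[[str, FrozenSet[str]], None]) -> None:
        self._subscribers.append(callback)

    def actions_for(self, user: str) -> FrozenSet[str]:
        return frozenset(self._actions.get(user, set()))

    def grant(self, user: str, action: str) -> None:
        self._actions.setdefault(user, set()).add(action)
        self._notify(user)

    def revoke(self, user: str, action: str) -> None:
        self._actions.get(user, set()).discard(action)
        self._notify(user)

    def _notify(self, user: str) -> None:
        for callback in self._subscribers:
            callback(user, self.actions_for(user))


class AuthService:
    """Issues opaque session tokens; authorizes every request against the store's
    current contents, not against the profile that was returned at login."""

    def __init__(self, store: PermissionStore, credentials: Dict[str, str]) -> None:
        self.store = store
        self._credentials = credentials        # user -> sha256 hex of password (constructed)
        self._sessions: Dict[str, str] = {}    # opaque token -> user

    def login(self, user: str, password: str) -> dict:
        expected = self._credentials.get(user, "0" * 64)   # dummy keeps timing uniform
        given = hashlib.sha256(password.encode()).hexdigest()
        if not hmac.compare_digest(expected, given):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        # Login response: the token plus the Profile (explicit list of allowed actions).
        return {"token": token, "profile": {"user": user, "actions": sorted(self.store.actions_for(user))}}

    def authorize(self, token: str, action: str) -> bool:
        """What the request interceptor calls for each protected endpoint."""
        user = self._sessions.get(token)
        return user is not None and action in self.store.actions_for(user)


class ClientProfile:
    """Client-side singleton holding the pushed action list; it only decides what
    to show or hide, the server still authorizes every request."""

    _instance: Optional["ClientProfile"] = None

    def __new__(cls) -> "ClientProfile":
        if cls._instance is None:
            cls._instance = super().__new__(cls)
            cls._instance.user, cls._instance.actions = None, frozenset()
        return cls._instance

    def load(self, profile: dict) -> None:
        self.user, self.actions = profile["user"], frozenset(profile["actions"])

    def on_push(self, user: str, actions: FrozenSet[str]) -> None:
        if user == self.user:                  # only this device's user is relevant
            self.actions = actions

    def can(self, action: str) -> bool:
        return action in self.actions


def demo() -> dict:
    store = PermissionStore()
    auth = AuthService(store, {"nilson": hashlib.sha256(b"s3cret").hexdigest()})
    client = ClientProfile()
    store.subscribe(client.on_push)
    store.grant("nilson", "order.create")
    resp = auth.login("nilson", "s3cret")
    client.load(resp["profile"])
    token = resp["token"]
    server_before = auth.authorize(token, "order.create")
    store.revoke("nilson", "order.create")     # admin withdraws an action at runtime
    store.grant("nilson", "report.export")     # action that did not exist at login
    return {
        "login_actions": resp["profile"]["actions"],
        "server_before": server_before,
        "server_after": auth.authorize(token, "order.create"),
        "server_new": auth.authorize(token, "report.export"),
        "client_after": client.can("order.create"),
        "client_new": client.can("report.export"),
        "unknown_token": auth.authorize("not-a-token", "order.create"),
    }
```

Running `demo()` shows the token issued at login being refused for `order.create` after the revocation and accepted for `report.export` that was granted afterwards, with the client singleton following both changes through the push callback. The token is deliberately opaque here; if you encode the action list into the token itself (for example as JWT claims) the server would keep honouring stale permissions until the token expires, which is exactly what the question wants to avoid.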