2

I'm trying to implement deadbolt2 groups, but I am puzzled how I am supposed to achieve this. I am using Play 2.2.1, Deadbolt 2.2.RC4 and Hibernate 4.3.1 with a MySQL database.

I have been able to implement some of Deadbolt: I can log in, register users and annotate methods with @SubjectPresent. I would now like to annotate my functions with this: @Restrict(@Group("Administrator")).

I have been using Deadbolt2-java-example as a guide, but the part concerning groups seems obscure to me.

In the model AuthorisedUser I have:

    @ManyToMany
    public List<SecurityRole> roles;

In my database this creates a table called AuthorisedUser_SecurityRole. The problem I have is that I have no idea how I am supposed to query this table. Typing the table name will give me a run-time error: AuthorisedUser_SecurityRole is not mapped. The same applies if I type roles.

What I am wondering about then is:

  1. How and where do I create new groups?
  2. How do I retrieve/query the list roles (list of groups a user belongs to)?
  3. How do I add groups to a user?

Please let me know if you need to see any of my code, but I am unsure what you would need to see as most of the code is standard from the deadbolt example.

NoClueBlue

1 Answer

1

Roles

The roles held by a user should be available from your AuthorisedUser object. The AuthorisedUser class must implement be.objectify.deadbolt.core.models.Subject, and the getRoles() method returns your roles.

If you're using an ORM such as Hibernate, roles will be populated when you access it via AuthorisedUser.

Groups

The strings provided to the Group annotation need to match the name of the security role.

So, you would have a SecurityRole whose getName() method returns "Administrator". All users who are administrators have this role. When the user attempts to access your restricted method, Deadbolt checks the roles held by that user and matches the name provided in Group to the name of the role.

If you have more than one parameter in Group, e.g. @Restrict(@Group({"Foo", "Bar"})), the user must have both the Foo and Bar roles. The parameters of a Group define an AND relationship.

To have an OR relationship, use multiple Groups, e.g. @Restrict({@Group("Foo"), @Group("Bar")}) - in this case, the user must have a Foo or Bar role.

Steve Chaloner
  • Thanks for your reply, I had given up hope on this one. I am still unsure how I will go about adding a user to a group. How am I able to insert into `AuthorisedUser_SecurityRole`? Also is there a fully integrated deadbolt example online I can take a look at? – NoClueBlue Mar 24 '14 at 10:13
  • Not enough space in the comment to go into this fully, so I'll add another answer. – Steve Chaloner Mar 24 '14 at 10:51
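
The AND/OR matching described in the answer above, as an added example that is not part of the original thread and is not Deadbolt's own code. The `Role` interface, the `allowed` method and the exact string comparison are stand-ins assumed here to model the behaviour; the sample users are constructed.

```java
import java.util.*;

// Added illustration: a stand-in for the role check described in the answer.
public class RestrictSemantics {

    // Stand-in for a role model: only getName() takes part in the match.
    interface Role { String getName(); }

    // groups mirrors @Restrict({@Group({...}), @Group({...})}):
    // the outer array is OR between groups, the inner array is AND within one.
    static boolean allowed(List<Role> held, String[][] groups) {
        if (held == null) return false;            // no subject or no roles: deny
        Set<String> names = new HashSet<>();
        for (Role r : held) {
            if (r != null && r.getName() != null) names.add(r.getName());
        }
        for (String[] group : groups) {
            // An empty group must not grant access by vacuous truth.
            if (group.length > 0 && names.containsAll(Arrays.asList(group))) {
                return true;
            }
        }
        return false;                              // default deny
    }

    static void check(String label, boolean actual, boolean expected) {
        if (actual != expected) throw new AssertionError(label);
        System.out.println(label + " -> " + actual);
    }

    public static void main(String[] args) {
        List<Role> admin = List.of(() -> "Administrator");
        List<Role> fooOnly = List.of(() -> "Foo");
        List<Role> fooBar = List.of(() -> "Foo", () -> "Bar");

        String[][] adminOnly = {{"Administrator"}};  // one Group, one name
        String[][] fooAndBar = {{"Foo", "Bar"}};     // one Group, two names: AND
        String[][] fooOrBar = {{"Foo"}, {"Bar"}};    // two Groups: OR

        check("admin vs Administrator", allowed(admin, adminOnly), true);
        check("Foo only vs Foo AND Bar", allowed(fooOnly, fooAndBar), false);
        check("Foo+Bar vs Foo AND Bar", allowed(fooBar, fooAndBar), true);
        check("Foo only vs Foo OR Bar", allowed(fooOnly, fooOrBar), true);
        check("no roles vs Foo OR Bar", allowed(List.of(), fooOrBar), false);
        // Stand-in compares names exactly, so a differently cased name is denied.
        check("lowercase name", allowed(List.of(() -> "administrator"), adminOnly), false);
    }
}
```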