Security ExtensionPoint for group resolving

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Security ExtensionPoint for group resolving

domi@fortysix.ch
Hi,
would it be possible to introduce a new ExtensionPoint to allow  
independend/additional group resolving for a user during a login?

More then once a came across this problem:
- A security infrastructure is in place
- Hudson should reuse this infrastructure to ease login (this is easy  
with the available plugins like LDAP or Active Directory)
- In Hudson additonal roles had to be introduced to allow/prohibit  
access to individual projects.
- The addional groups could not go into the original security  
infrastructure (like LDAP) - because of business requirements and long  
processes to introduce new groups/roles.

An extension point allowing to load additional groups/roles for a user  
would help a lot. During the login, just after authentication, this  
extensions should be able to resolve additional groups/roles and  
inject them in to the authorities of the user.
e.g.
List<String> loadAdditionalGroupsForUser(String userId)

This all might sound strange to you and you might even be right, but  
as you know: some times you can't change the business rules.

regards Domi


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]