I've got a pretty ordinary Java EE application running on JBoss. It uses the JBoss DatabaseLoginModule JAAS authentication. It also has application-layer users/roles in Hibernate that are exactly the same.
I've got an idea (which I think is pretty useful for me, anyway) to have a capability bit I can set in the software license object (not using Hibernate) that makes all users the read-only user. This lets me make a read-only version of the product by relicensing it.
What I'd like to do is remap the user associations based on a boolean flag accessible inside the program.
So normally we get (many-many join):
User -*UserRole*-Role -*RoleActions
where
user.roleid =>role.id
When the boolean is set (a capability bit set in the software license),
I'd like JAAS to act like all users were roleid = 1 when the license says so.
Any ideas?
By subclassing DatabaseServerLoginModule I can perform extra checks (on the software licence).
Trivially I can then:
If the licence is expired, give a read-only user (the credentials are fixed).
If the license has the read-only capability bit set, give the read-only user (the credentials are fixed).
Since the login has been intercepted, the Hibernate User lookup will be for the right user.
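
A variant of the subclassing approach above, as an added example that is not part of the original post: instead of swapping in a fixed read-only account, it overrides the role lookup, so each user still authenticates with their own password but receives only the read-only role when the license says so. It assumes the legacy JBoss security API (`org.jboss.security`); `LicenseState`, `setLicenseState`, and the role name `ReadOnly` are hypothetical names standing in for the application's license object and the role with roleid = 1.

```java
import java.security.acl.Group;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

/** Caps every authenticated user at the read-only role when the license requires it. */
public class LicenseAwareLoginModule extends DatabaseServerLoginModule {

    /** Hypothetical view of the license object; not a JBoss API. */
    public interface LicenseState {
        boolean isExpired();
        boolean hasReadOnlyCapability();
    }

    // Assumption: the application installs its license reader here at startup.
    private static volatile LicenseState license;
    // Assumption: name of the role that corresponds to roleid = 1.
    private static final String READ_ONLY_ROLE = "ReadOnly";

    public static void setLicenseState(LicenseState state) {
        license = state;
    }

    /** Fails closed: a missing or unreadable license is treated as read-only. */
    static boolean forceReadOnly() {
        LicenseState current = license;
        if (current == null) {
            return true;
        }
        try {
            return current.isExpired() || current.hasReadOnlyCapability();
        } catch (RuntimeException e) {
            return true;
        }
    }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        if (!forceReadOnly()) {
            return super.getRoleSets(); // normal rolesQuery result
        }
        // "Roles" is the group JBoss reads the caller's role names from.
        Group roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal(READ_ONLY_ROLE));
        return new Group[] { roles };
    }
}
```

The module is configured in place of DatabaseServerLoginModule with the same `dsJndiName`, `principalsQuery` and `rolesQuery` options. Because the username is unchanged here, any application-layer role check made through Hibernate has to consult the same license flag.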