I've got a pretty ordinary JEE application running on JBoss. It uses the JBoss DatabaseLoginModule JAAS authentication. It also has application layer users/roles in Hibernate that are exactly the same.

I've got an idea (which I think is pretty useful for me, anyway) to have a capability bit I can set in the software license object (not using Hibernate) that makes all users the read-only user. This lets me make a read-only version of the product by relicensing it.

What I'd like to do is remap the user associations based on a boolean flag accessible inside the program.

So normally we get (many-many join)

User -*UserRole*-Role -*RoleActions

where

user.roleid =>role.id

When the boolean is set (a capability bit set in the software license)

I'd like JAAS to act like all users were roleid = 1 when the license says so.

Any ideas?

A: 

Maybe I'm missing the boat here, but why not do that programmatically?

In the User object, provide a transient getter like getAuthenticatedRoles() that would additionally filter what Hibernate loaded. Additionally, make the original mapped collection getter protected, and use only getAuthenticatedRoles() from other Java code.

javashlook
Because I need to substitute another role for the User. I tried filtering the getRole()-like methods and the User (principal) already has its role by then.
Tim Williscroft
+1  A: 

By subclassing DatabaseServerLoginModule I can perform extra checks (on the software licence).

Trivially I can then

  1. If the licence is expired, give a read-only user (the credentials are fixed)

  2. If the licence has the read-only capability bit set, give the read-only user (the credentials are fixed)

Since the login has been intercepted, the Hibernate User lookup will be for the right user.

Tim Williscroft
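
One way to write the subclass described in the answer above, as an added example that is not the poster's code. `LicenseState`, `setLicense` and the `readonly` user name are hypothetical, and instead of using fixed credentials it validates the caller's own password first and then swaps the identity; it needs the JBoss security classes on the classpath.

```java
import java.security.Principal;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class LicenseAwareLoginModule extends DatabaseServerLoginModule {

    /** Hypothetical view of the licence object; replace with the product's own. */
    public interface LicenseState {
        boolean isExpired();
        boolean hasReadOnlyBit();
    }

    // Assumption: set once at application start-up. Null means "no valid licence".
    private static volatile LicenseState license;
    // Assumption: this user exists in the tables used by principalsQuery/rolesQuery.
    private static final String READ_ONLY_USER = "readonly";

    // Per-login state: non-null once this login has been downgraded.
    private Principal substitute;

    public static void setLicense(LicenseState state) {
        license = state;
    }

    @Override
    public boolean login() throws LoginException {
        substitute = null;
        // Check the caller's real username and password before any substitution.
        if (!super.login()) {
            return false;
        }
        LicenseState current = license;
        // Fail closed: a missing or expired licence downgrades, it never upgrades.
        if (current == null || current.isExpired() || current.hasReadOnlyBit()) {
            substitute = new SimplePrincipal(READ_ONLY_USER);
        }
        return true;
    }

    // The inherited getUsername() reads the name from getIdentity(), so the roles
    // query and the Subject built in commit() both see the read-only user.
    @Override
    protected Principal getIdentity() {
        return substitute != null ? substitute : super.getIdentity();
    }
}
```

Register the class in place of DatabaseServerLoginModule in the application's security domain, keeping the existing module options.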