Implementation of Permissions and Roles

Workflow-type specific roles

Every call to a SWAMPAPI method is checked for sufficient permissions of the provided user, so access to Task, Workflow and WorkflowTemplate objects is secured at this layer. If the user does not have permission to read or write a requested object, the API throws an exception that can be displayed in the GUI, SOAP or other interface. To build a smooth GUI that does not offer the user objects he is not allowed to see, the permissions can be checked with:

  • boolean Workflow.hasRole(String username, String role)

  • boolean WorkflowTemplate.hasRole(String username, String role)

for the Workflow roles, and for the general permissions with:

  • SecurityManager.isGroupMember(SWAMPUser user, String groupName)

General SWAMP roles

We use a simple user / group / role system here, based on the database tables dbUsers, dbGroups, dbPermissions, dbGroup_Permissions and dbUsers_Groups. For now there is only one group, "swampadmins", with the permission "admin_permission", that is assigned to the admin of the SWAMP installation. This group is allowed to perform maintenance actions, such as reloading workflow definition files and emptying the workflow cache. Additionally, members of the "swampadmins" group are automatically admins of all workflows.
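The two layers described above, as an added sketch that is not SWAMP's own code: the GUI calls hasRole only to decide what to render, while the API repeats the check on every call and throws. The class names, the role names "admin" and "user", the sample users and the in-memory maps standing in for the database tables are all assumptions.

```java
import java.util.*;

// Added illustration; class, role and user names are assumptions, not SWAMP's code.
public class PermissionDemo {
    // Stand-in for dbUsers_Groups: group name -> member usernames (constructed data).
    static final Map<String, Set<String>> GROUPS = Map.of("swampadmins", Set.of("root"));

    static boolean isGroupMember(String username, String groupName) {
        return GROUPS.getOrDefault(groupName, Set.of()).contains(username);
    }

    static class Workflow {
        final String name;
        final Map<String, Set<String>> roles; // role name -> usernames holding it

        Workflow(String name, Map<String, Set<String>> roles) {
            this.name = name;
            this.roles = roles;
        }

        // Same shape as the page's hasRole(username, role).
        boolean hasRole(String username, String role) {
            // Members of "swampadmins" are automatically admins of every workflow.
            if ("admin".equals(role) && isGroupMember(username, "swampadmins")) return true;
            return roles.getOrDefault(role, Set.of()).contains(username);
        }

        boolean mayRead(String username) {
            return hasRole(username, "user") || hasRole(username, "admin");
        }
    }

    // API-layer enforcement: runs on every call, whatever the GUI did or did not show.
    static Workflow getWorkflow(Workflow wf, String username) {
        if (!wf.mayRead(username))
            throw new SecurityException(username + " may not read workflow " + wf.name);
        return wf;
    }

    public static void main(String[] args) {
        Workflow wf = new Workflow("release-42",
                Map.of("admin", Set.of("alice"), "user", Set.of("bob")));
        for (String u : List.of("alice", "bob", "root", "carol")) {
            // GUI pre-check: only decides whether the link is rendered.
            System.out.println(u + " sees link: " + wf.mayRead(u));
            try {
                getWorkflow(wf, u); // the authoritative check
                System.out.println("  API: access granted");
            } catch (SecurityException e) {
                System.out.println("  API: " + e.getMessage());
            }
        }
    }
}
```

A client that skips the GUI, for example one calling the SOAP interface directly, still hits the exception path, which is why the hasRole pre-check cannot replace the API-layer check.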

