We have a business scenario as follows:
We have a company tree in an Oracle database. For example,
below is a simple tree
1). At the time of request, following things are
A). Subject Attribute:
UserId : xyz
Role/Group membership : ABC-Update_Role
Company attribute: 123TREE (Note: It is the
LDAP query which returned this value. The user has the
node 123 and subtree below it)
B). Resource: 123_1 (Which is a
C). Action: Update-Billing-Information
2). Following are defined for the user in LDAP store:
A). UserId : xyz
B). Role/Group membership:
C). Company attribute: Its value could be
Company_Id = 123 and word TREE which means this user
gets all the subsidiaries starting from
If word TREE is not there, then user gets
only that particular company.
No immediate children or descendants.
It is defined in an XML string in LDAP as
3). Following Company tree is stored in some Oracle
database. We can get the tree information using Oracle
SQL "connect by" clause.
When we get Company_Id, 123_1 in the request,
we need to make a call to this Oracle store by doing a
substring and just making a call to the database
using 123_1 and get all the parents. This could be up to
10 levels up.
Since the user has got 123 and TREE in their profile, we
need to find the parent of 123_1 and if it matches,
the user is authorized.
Can anyone suggest the policy and request XML files
for the above, and
where to extend the Java code for making a call to
the Oracle database for Tree information and
LDAP for user role and company attribute information?
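
The authorization decision described in the message above, as an added example that is not part of the original post or of any XACML library. The class name `CompanyTreeCheck`, the in-memory `PARENT` map standing in for the Oracle "connect by" lookup, the sample company ids other than 123 and 123_1, and the flattened `123TREE` attribute form are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class CompanyTreeCheck {
    static final int MAX_DEPTH = 10;           // the post says parents can be up to 10 levels up
    static final String TREE_SUFFIX = "TREE";  // marker meaning "this company and its subtree"

    // Constructed stand-in for the Oracle parent lookup: child id -> parent id (null = root).
    static final Map<String, String> PARENT = new HashMap<>();
    static {
        PARENT.put("123", null);
        PARENT.put("123_1", "123");
        PARENT.put("123_1_1", "123_1");
        PARENT.put("1234", null);
        PARENT.put("1234_1", "1234");
    }

    /** True if the subject's company attribute ("123TREE" or "123") covers resourceId. */
    static boolean isAuthorized(String companyAttr, String resourceId) {
        if (companyAttr == null || resourceId == null) return false;
        boolean tree = companyAttr.endsWith(TREE_SUFFIX);
        String granted = tree
            ? companyAttr.substring(0, companyAttr.length() - TREE_SUFFIX.length())
            : companyAttr;
        // Fail closed on an empty grant or a resource the tree store does not know.
        if (granted.isEmpty() || !PARENT.containsKey(resourceId)) return false;
        if (granted.equals(resourceId)) return true;  // the granted node itself
        if (!tree) return false;                      // no TREE: that company only
        String node = PARENT.get(resourceId);
        for (int depth = 0; node != null && depth < MAX_DEPTH; depth++) {
            // Compare whole ids from the tree, never string prefixes: 123 must not cover 1234_1.
            if (node.equals(granted)) return true;
            node = PARENT.get(node);
        }
        return false; // no matching ancestor within the depth bound
    }

    public static void main(String[] args) {
        String[][] cases = {{"123TREE", "123_1_1"}, {"123", "123_1"}, {"123TREE", "1234_1"}, {"123TREE", "999"}};
        for (String[] c : cases) {
            System.out.println(c[0] + " -> " + c[1] + ": " + isAuthorized(c[0], c[1]));
        }
    }
}
```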