Community
Participate
Working Groups
Once an authorisation service is available, it would be convenient to annotate specific 'execution join points' (in AspectJ this is for instance a method execution) to authorize its usage. E.g.: @Permission public void executeMyMagicMethod() { // execute code that must be authorized } The injection engine would have to resolve an/the authorisation service instance (from the IEclipseContext) and call its authorise method. There are plenty of other join points where the Permisssion annotation could be used such as the other core annotations...
Just a note: The 'Permission' identifier is already in use by the authentication service (in UAA services API)... so, it should be called @Authorize...
One of the things discussed was the basic concept of a User and their Roles. Once that's in place, then roles would be assigned to various places in the model. Ex, a Part Descriptor, or a Part in a stack, or a Command or a MenuContribution. Consumers of those pieces of the model would have to validate their behavior (is it visible to this user, can this user execute it) based on matching roles. PW
I'd rather call it "@Privileged(String permission)" to be in line with the rest of Java. I don't think it ties well into injection. Rather, I'd prefer to see an analog of "doPrivileged()" method, maybe, tied to an Eclipse context.
