I have a Policy Server where I'm creating resources & roles. The resources are guided by policies which is defined based on the roles. For ex. assume we have the following resources button1, button2, Submit, table2 & Roles like Google:NA:Admin, Yahoo:CHN:Admin, Google:CHN:User, Alphabet:EU:Admin, etc.. The user will be registering for a role by logging into the Policy Server site by providing username and password. I'm getting authorized resource list for each user from a server. The response from the server will be like the following for a username "greenUser" (the only parameter sent as part of the POST request to Policy Server API).
{"permit":[ "button1", "table2", "Role:Google:NA:Admin", "Submit" ] }
The requirement is to determine the Role of the user, Region, Company & the list of resources he has access. So, I created a resource on the same name of the "Role" and restricted the access in Policy Server for that particular Role. eg: I created a role "Google:NA:Admin" and created a policy to restrict the access to only role "Role:Google:NA:Admin". The intention is to find this resource as part of the response and to determine the Role the user is having. There is a possibility that a user can having multiple roles. eg. He can be an admin for Google (NA region) & Alphabet (EU region).
To determine the Region and Company from the roles. I created a JSON like the following:
{ "Roles" : [{ "Google" : [{ "NA" : ["Role:Google:NA:Admin", "Role:Google:NA:User"]},{ "CHN" : ["Role:Google:CHN:Admin", "Role:Google:CHN:User"]} ] }, { "Alphabet" : [{ "NA" : ["Role:Alphabet:NA:Admin", "Role:Alphabet:NA:User"]},{ "CHN" : ["Role:Alphabet:CHN:Admin", "Role:Alphabet:CHN:User"]} ] } }
I have created a method using Java which parses the entire JSON and if the value matches to the particular "Role" resource returned, then I'm capturing the Key (eg: CHN) as the Region & the key of the outer JSON Element as "Company".
I want to check if there is a better way to determine the Role, Region & Company of the user. The above mentioned JSON is my idea. I would love to hear if there is a better design or approach other than the JSON. Example Code snippets are appreciated.
Sorry for the long post. I tried my best to capture the complete requirement. Thanks in advance.