Role Based Authentication

Roles are represented by tokens carried in the principal. Roles are used within the process flow to control the level of authority needed to perform specific actions. Roles can be tested within the flow by the iWay Functional Language expression _hasrole(name).

The _hasrole() function returns true if the current principal carries the named token, otherwise it returns false. For more information about this function and other security-related iFL functions, see the iWay Service Manager Component and Functional Language Reference Guide.

A sample use might be to test the role to determine whether a leg of the process flow is permitted. A standard test object can be employed for this purpose. The true edge is followed if the role is present, otherwise the false edge is followed.

In this example, a document arrives to register a sale. If the amount of the sale is under a selected floor limit, the sale is registered. If greater than the floor limit, the sender must have the 'bigsale' token. This is tested in the test object named ACL.


iWay Software