This forum has been archived. Please start a new discussion on GitHub.

How to add access control to the ICE based system

I want to add access control(AC) to the ICE based system. The access control atom is per-operation (slice definition), and the AC framework is RBAC.
The basic procedure: client--Glacier2--AC--operation--logger. AC and operation(server) and logger are all deployed on IceGrids.
my purpose: decouple the access control from domain function and logger.

i have found 3 methods from ice3.4.1 document
1.servant locators
2.dispatch interceptors
3.dynamic dispatch using Blobject

Dynamic dispatch using Blobject is the prefered method, but it's "tedious to implement". And the Glacier2 service does not provide such a AC plugin interface.
I want to know which is the best way to implement AC.