<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Nov 5, 2013 at 6:07 PM, Sebastien Blanc <span dir="ltr"><<a href="mailto:scm.blanc@gmail.com" target="_blank">scm.blanc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Sorry I don't get your example, why should destroyEverything() also have "simple" annotated? </div>
</blockquote><div><br></div><div>yep - that endpoint would never be annotated w/ "simple"; </div><div><br></div><div>I think whether the annotation contains "incorrect" roles or not is not a problem on the UPS.</div>
<div><br></div><div>It's more an issue w/ the underlying security framework:</div><div>E.g. how can I specify that someone with the role "simple" is NEVER able to (deep in the stack) call entityManager.delete();</div>
<div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br><div class="gmail_extra"><br><br><div class="gmail_quote">
<div><div class="h5">On Tue, Nov 5, 2013 at 6:03 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div class="h5">But if you are supporting multiple roles, you can't avoid such issue.<br>
<br>
For example:<br>
<br>
@Secure({"developer", "simple"})<br>
public void destroyEverything(){<br>
// access the nuclear reactor<br>
}<br>
<br>
So the interceptor will look into this method and say "geez we have<br>
simple role here" and bang!<br>
<br>
What would be the solution for such problem?<br>
<div><div><br>
Sebastien Blanc wrote:<br>
> Well, I was thinking of annotating methods, so delete all the thing<br>
> will be only for "developer" and "admin"<br>
<br>
</div></div><span><font color="#888888">--<br>
abstractj<br>
<br>
<br>
</font></span><br></div></div><div class="im">_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></div></blockquote></div><br></div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>
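<div>The two concerns raised in this thread, shown together as an added example (not code from the thread or from AeroGear): an interceptor with any-of role semantics lets "simple" into the over-annotated destroyEverything(), and a second check at the data layer still refuses it. The Secure annotation here is a stand-in for the one discussed, Store.delete() stands in for the entity manager call, and NEVER_DESTRUCTIVE, CALLER and invoke() are hypothetical names.</div>

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class SecureDemo {
    // Hypothetical stand-in for the @Secure annotation discussed in the thread.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Secure { String[] value(); }

    // Constructed policy: roles that must never reach a destructive operation.
    static final Set<String> NEVER_DESTRUCTIVE = Set.of("simple");
    // Roles of the current caller, published by the interceptor below.
    static final ThreadLocal<Set<String>> CALLER = ThreadLocal.withInitial(() -> Collections.emptySet());

    static class Endpoint {
        @Secure({"developer", "simple"})   // the over-broad annotation from the thread
        public void destroyEverything() { Store.delete(); }
    }

    static class Store {
        // Data-layer check, independent of whatever the endpoint annotation says.
        static void delete() {
            for (String role : CALLER.get())
                if (NEVER_DESTRUCTIVE.contains(role))
                    throw new SecurityException("role '" + role + "' may not delete");
        }
    }

    // Interceptor with any-of semantics: one matching role is enough to enter.
    static boolean invoke(Object target, String name, Set<String> roles) throws Exception {
        Method m = target.getClass().getMethod(name);
        Secure s = m.getAnnotation(Secure.class);
        if (s == null || Collections.disjoint(Arrays.asList(s.value()), roles)) return false;
        CALLER.set(roles);
        try { m.invoke(target); return true; }
        catch (InvocationTargetException e) {
            if (e.getCause() instanceof SecurityException) return false; // denied deep in the stack
            throw e;
        } finally { CALLER.remove(); }
    }

    public static void main(String[] args) throws Exception {
        Endpoint e = new Endpoint();
        System.out.println(invoke(e, "destroyEverything", Set.of("developer"))); // true
        System.out.println(invoke(e, "destroyEverything", Set.of("simple")));    // false: stopped in Store
        System.out.println(invoke(e, "destroyEverything", Set.of("guest")));     // false: stopped by interceptor
    }
}
```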