[errai-dev] fine grained security

Erik Jan de Wit edewit at redhat.com
Tue Jun 18 07:52:13 EDT 2013


Hi,

We (Jonathan and I) had a chat today with Shane Bryzak about how we could implement fine-grained security. To give a little context, Jonathan felt a need for something like that when integrating errai-security into the TODO list demo. He wants users to be able to share their lists with others. Another use for this would be in navigation, when a user can be shown a page only if the request parameter combination is allowed for the specific user.

PicketLink supports fine-grained security when one implements a Service Provider Interface:

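import java.io.Serializable;

public interface PermissionResolver
{
    // Outcome of a single permission check.
    public enum PermissionStatus {
        ALLOW, DENY, NOT_APPLICABLE
    }

    // Check an operation against a resource instance.
    PermissionStatus hasPermission(Object resource, String operation);

    // Check an operation against a resource given by its class and identifier.
    PermissionStatus hasPermission(Class<?> resourceClass, Serializable identifier, String operation);
}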

Now the only thing we need to figure out is a way to fit this into an API so that it's not PicketLink-specific. Even better would be to have it declarative, but it seems to be too fine-grained to do that.

I've created some issues already to track work on these things.

Any thoughts,
	Erik Jan
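
Added example, not part of the original message and not Errai or PicketLink code: a resolver for the shared TODO list case, written against a local copy of the interface quoted above. TodoList, TodoListResolver, decide, the "read" and "delete" operation names and the deny-overrides combination rule are all assumptions made for illustration; it needs Java 16 or later.

```java
import java.io.Serializable;
import java.util.*;

public class SharedListPermissionDemo {
    // Local copy of the SPI quoted in the message, nested so this file compiles alone.
    interface PermissionResolver {
        enum PermissionStatus { ALLOW, DENY, NOT_APPLICABLE }
        PermissionStatus hasPermission(Object resource, String operation);
        PermissionStatus hasPermission(Class<?> resourceClass, Serializable identifier, String operation);
    }
    // Hypothetical domain object: a list with an owner and the users it is shared with.
    record TodoList(long id, String owner, Set<String> sharedWith) {}
    // Hypothetical resolver bound to one user; a real one would take the user from the session.
    static class TodoListResolver implements PermissionResolver {
        private final String user;
        private final Map<Long, TodoList> store;
        TodoListResolver(String user, Map<Long, TodoList> store) { this.user = user; this.store = store; }

        public PermissionStatus hasPermission(Object resource, String operation) {
            if (!(resource instanceof TodoList list)) return PermissionStatus.NOT_APPLICABLE;
            if (list.owner().equals(user)) return PermissionStatus.ALLOW;
            // Sharing grants read access only; every other operation stays with the owner.
            boolean sharedRead = "read".equals(operation) && list.sharedWith().contains(user);
            return sharedRead ? PermissionStatus.ALLOW : PermissionStatus.DENY;
        }
        public PermissionStatus hasPermission(Class<?> resourceClass, Serializable identifier, String operation) {
            if (resourceClass != TodoList.class) return PermissionStatus.NOT_APPLICABLE;
            TodoList list = store.get(identifier);
            // Unknown id: deny rather than reveal whether the list exists.
            return list == null ? PermissionStatus.DENY : hasPermission(list, operation);
        }
    }
    // Assumed combination rule: any DENY wins, and no ALLOW at all means no access.
    static boolean decide(List<PermissionResolver> resolvers, Object resource, String operation) {
        boolean allowed = false;
        for (PermissionResolver r : resolvers) {
            PermissionResolver.PermissionStatus s = r.hasPermission(resource, operation);
            if (s == PermissionResolver.PermissionStatus.DENY) return false;
            allowed |= s == PermissionResolver.PermissionStatus.ALLOW;
        }
        return allowed;
    }
    public static void main(String[] args) {
        TodoList list = new TodoList(1L, "jonathan", Set.of("erik")); // constructed sample data
        List<PermissionResolver> chain = List.of(new TodoListResolver("erik", Map.of(1L, list)));
        System.out.println("shared user, read:   " + decide(chain, list, "read"));
        System.out.println("shared user, delete: " + decide(chain, list, "delete"));
        System.out.println("unrelated resource:  " + decide(chain, "not a list", "read"));
    }
}
```

Because NOT_APPLICABLE never counts as a grant in decide, a resource that no resolver recognises is refused by default.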