[jboss-user] [JBoss Seam] - Re: Question regarding Identity.hasPermission(...)

shane.bryzak@jboss.com do-not-reply at jboss.com
Fri Feb 16 18:02:53 EST 2007


"spambob" wrote : 
  | 1. The security-rules.drl requires - i.e. - a Member in the working memory: is it right that those objects are inserted into the working memory via s:hasPermission / RuleBasedIdentity.hasPermission(...) (the 3rd+ parameter) and they stay there only for one evaluation?

Yes, they only stay there for a single permission evaluation.

"spambob" wrote : 
  | 2. The PermissionCheck objects & the additional facts live in the working memory only for one evaluation - so if I have 2 permission checks within 1 request that check for the same permission, all the stuff is reevaluated a 2nd time?

That's right.

"spambob" wrote : 
  | 3. The most important one: Why do you add "activation-group permissions" in the security-rules.drl file (the rules should be mutually exclusive because there is just one PermissionCheck in the working memory)?

Strictly speaking you probably don't need this.  I've just included it as a safety mechanism to ensure that only one of the rules will match (I previously had a catch-all rule to deal with role permissions, but these have been removed).

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4017938#4017938
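
Added example, not part of the original post and not Seam or Drools code: a small Python model of the three behaviours confirmed in the reply above (facts inserted for a single evaluation and then retracted, a repeated check re-running the rules, and an activation group letting only one matching rule fire). `ModelIdentity`, `Member`, `Role`, the two rule names and the "profile"/"edit" permission are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class PermissionCheck:          # transient: one instance per evaluation
    name: str
    action: str
    granted: bool = False

@dataclass(frozen=True)
class Role:                     # long-lived fact, kept between checks
    name: str

@dataclass(frozen=True)
class Member:                   # hypothetical extra fact (the 3rd+ argument)
    username: str

def owner_may_edit(ident, check, facts):
    return (check.name, check.action) == ("profile", "edit") and any(
        isinstance(f, Member) and f.username == ident.username for f in facts)

def admin_may_edit(ident, check, facts):
    return (check.name, check.action) == ("profile", "edit") and any(
        isinstance(f, Role) and f.name == "admin" for f in facts)

# (rule name, activation group, condition); every rule's action is "grant"
RULES = [("OwnerMayEdit", "permissions", owner_may_edit),
         ("AdminMayEdit", "permissions", admin_may_edit)]

class ModelIdentity:
    def __init__(self, username, roles, rules=RULES):
        self.username = username
        self.memory = [Role(r) for r in roles]   # persists across checks
        self.rules = rules
        self.fired = []                          # every rule firing, in order

    def has_permission(self, name, action, *args):
        check = PermissionCheck(name, action)
        transient = [check, *args]
        self.memory.extend(transient)            # insert for this evaluation
        try:
            fired_groups = set()
            for rule_name, group, condition in self.rules:
                if group in fired_groups:
                    continue                     # group already fired once
                if condition(self, check, self.memory):
                    check.granted = True
                    self.fired.append(rule_name)
                    fired_groups.add(group)
        finally:
            del self.memory[-len(transient):]    # retract check and extra facts
        return check.granted
```

In this model a `Member` passed to one check cannot satisfy a rule in a later check, because it is retracted before `has_permission` returns.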
