[jboss-user] [JBoss Seam] - Re: Setting Authorization Roles

shane.bryzak@jboss.com do-not-reply at jboss.com
Thu Jan 24 20:02:13 EST 2008


"asookazian" wrote : What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml?  for example, storing the role information in a RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session.
  | 
  | Is it even necessary to do this?  the argument bein that roles for page level access do not change frequently enough to need real-time updates?

I don't quite understand what you're asking here.  Storing the user's roles in a database table is a recommended strategy.

"asookazian" wrote : Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSF's instead of using s:hasPermission?

That totally depends on your own requirements.  You can use either, or mix and match as you wish.  It all depends on what kind of security model you want and how fine-grained it should be.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123287#4123287

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4123287



More information about the jboss-user mailing list