[seam-commits] Seam SVN: r9193 - trunk/doc/Seam_Reference_Guide/en-US.

seam-commits at lists.jboss.org seam-commits at lists.jboss.org
Sun Oct 5 02:49:46 EDT 2008 

Author: shane.bryzak at jboss.com
Date: 2008-10-05 02:49:45 -0400 (Sun, 05 Oct 2008)
New Revision: 9193

Modified:
   trunk/doc/Seam_Reference_Guide/en-US/Security.xml
Log:
JBSEAM-3446

Modified: trunk/doc/Seam_Reference_Guide/en-US/Security.xml
===================================================================
--- trunk/doc/Seam_Reference_Guide/en-US/Security.xml	2008-10-04 16:04:51 UTC (rev 9192)
+++ trunk/doc/Seam_Reference_Guide/en-US/Security.xml	2008-10-05 06:49:45 UTC (rev 9193)
@@ -133,9 +133,10 @@
         to authenticate users.  This method takes no parameters, and is expected to return a boolean, which indicates
         whether authentication is successful or not.  The user's username and password can be obtained from
         <literal>Credentials.getUsername()</literal> and <literal>Credentials.getPassword()</literal>,
-        respectively.  Any roles that the user is a member of should be assigned using
-        <literal>Identity.addRole()</literal>. Here's a complete example of an authentication method
-        inside a POJO component:
+        respectively (you can get a reference to the <literal>credentials</literal> component via
+        <literal>Identity.instance().getCredentials()</literal>).  Any roles that the user is a member of 
+        should be assigned using <literal>Identity.addRole()</literal>. Here's a complete example of an 
+        authentication method inside a POJO component:
       </para>
 
       <programlisting role="JAVA"><![CDATA[@Name("authenticator")
@@ -2824,10 +2825,9 @@
 
       <para>
         If no expression is specified in the <literal>@Restrict</literal> annotation, the default security check
-        that is performed is a permission check of <literal>entityName:action</literal>,
-        where <literal>entityName</literal> is the Seam component name of the entity (or the fully-qualified class name if no @Name is
-        specified), and the <literal>action</literal> is either <literal>read</literal>,
-        <literal>insert</literal>, <literal>update</literal> or <literal>delete</literal>.
+        that is performed is a permission check of <literal>entity:action</literal>, where the permission target 
+        is the entity instance, and the <literal>action</literal> is either <literal>read</literal>, <literal>insert</literal>, 
+        <literal>update</literal> or <literal>delete</literal>.
       </para>
 
       <para>

More information about the seam-commits mailing list