<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Of course, that's totally up to you.
The permission check SPI [1] is easily extensible and allows you
to apply whichever business logic you like to determine whether
the permission is granted or not. <br>
<br>
[1]<br>
public interface PermissionVoter {<br>
public enum VotingResult {ALLOW, DENY, NOT_APPLICABLE }<br>
<br>
VotingResult hasPermission(IdentityType recipient, Object
resource, String operation);<br>
<br>
VotingResult hasPermission(IdentityType recipient,
Class&lt;?&gt; resourceClass, Serializable identifier,<br>
String operation);<br>
}<br>
<br>
On 06/05/2014 09:40 AM, Rahul Mahindrakar wrote:<br>
</div>
<blockquote cite="mid:538fae91.eb2c700a.63f7.4147@mx.google.com"
type="cite">
<div>
<div style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri,sans-serif">Is
it possible to aggregate permissions under roles?<br>
<br>
This makes it easier to grant roles to a user and thereby a
large set of permissions.<br>
</div>
</div>
<div dir="ltr">
<hr>
<span style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri,sans-serif;
FONT-WEIGHT: bold">From: </span><span style="FONT-SIZE: 11pt;
FONT-FAMILY: Calibri,sans-serif"><a moz-do-not-send="true"
href="mailto:sbryzak@redhat.com">Shane Bryzak</a></span><br>
<span style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri,sans-serif;
FONT-WEIGHT: bold">Sent: </span><span style="FONT-SIZE: 11pt;
FONT-FAMILY: Calibri,sans-serif">2014-06-05 01:29</span><br>
<span style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri,sans-serif;
FONT-WEIGHT: bold">To: </span><span style="FONT-SIZE: 11pt;
FONT-FAMILY: Calibri,sans-serif"><a moz-do-not-send="true"
href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a></span><br>
<span style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri,sans-serif;
FONT-WEIGHT: bold">Subject: </span><span style="FONT-SIZE:
11pt; FONT-FAMILY: Calibri,sans-serif">Re: [security-dev]
Permission and Role</span><br>
<br>
</div>
<div class="moz-cite-prefix">Hi Rahul,<br>
<br>
They are fundamentally two very different things. A role is
typically used to define a set of users for which specific
privileges are to be assigned, while a permission is used to
control access to application resources or services. A
permission check can actually use the user's roles to determine
whether the user has the necessary privilege to perform an
action. Here's a couple of pseudo-code examples to make this a
little clearer:<br>
<br>
<br>
1. Restricting access to a method based on the user's role:<br>
<br>
@RolesAllowed("admin")<br>
public void doProtectedOperation() {<br>
...<br>
}<br>
<br>
2. Restricting access to a method to users with permission to
cancel a specific "order":<br>
<br>
public void cancelOrder(@HasPermission("cancel") Order order) {<br>
...<br>
}<br>
<br>
Hope that helps!<br>
<br>
Shane<br>
<br>
On 06/05/2014 09:13 AM, Rahul Mahindrakar wrote:<br>
</div>
<blockquote
cite="mid:CACkztbRk1prtvtBQJc8qHVygTjFMdZooKyK3-m3QOYssXuU3rA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>Hi<br>
<br>
</div>
I have not been able to have a grasp of the difference
between the usage of Role and permissions.<br>
<br>
</div>
Can someone guide me in this direction?<br>
<br>
</div>
Thanks<br>
Rahul <br>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
security-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/security-dev">https://lists.jboss.org/mailman/listinfo/security-dev</a></pre>
</blockquote>
<br>
</blockquote>
<br>
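<div>One way to aggregate permissions under roles with the PermissionVoter SPI quoted in the reply above. This is an added example, not code from the thread or from the project: <code>IdentityType</code> is a stand-in so the file compiles alone, and <code>RoleLookup</code>, <code>RolePermissionVoter</code> and the role policy are hypothetical (Java 9+).</div>
<pre>
```java
import java.io.Serializable;
import java.util.Map;
import java.util.Set;

// Stand-in for the library's identity type so the example compiles alone.
interface IdentityType {}

// The SPI as quoted in the reply above.
interface PermissionVoter {
    enum VotingResult { ALLOW, DENY, NOT_APPLICABLE }
    VotingResult hasPermission(IdentityType recipient, Object resource, String operation);
    VotingResult hasPermission(IdentityType recipient, Class&lt;?&gt; resourceClass,
                               Serializable identifier, String operation);
}

// Hypothetical helper: returns the role names granted to a recipient.
interface RoleLookup { Set&lt;String&gt; rolesOf(IdentityType recipient); }

// Grants an operation when any of the recipient's roles bundles it.
class RolePermissionVoter implements PermissionVoter {
    // Role name to "ResourceType:operation" entries (constructed sample policy).
    private static final Map&lt;String, Set&lt;String&gt;&gt; ROLE_PERMISSIONS = Map.of(
        "order-manager", Set.of("Order:cancel", "Order:read"),
        "auditor", Set.of("Order:read"));

    private final RoleLookup roles;

    RolePermissionVoter(RoleLookup roles) { this.roles = roles; }

    @Override
    public VotingResult hasPermission(IdentityType recipient, Object resource, String operation) {
        if (resource == null) return VotingResult.NOT_APPLICABLE;
        return hasPermission(recipient, resource.getClass(), null, operation);
    }

    @Override
    public VotingResult hasPermission(IdentityType recipient, Class&lt;?&gt; resourceClass,
                                      Serializable identifier, String operation) {
        if (recipient == null || resourceClass == null || operation == null) {
            return VotingResult.NOT_APPLICABLE;
        }
        String wanted = resourceClass.getSimpleName() + ":" + operation;
        for (String role : roles.rolesOf(recipient)) {
            if (ROLE_PERMISSIONS.getOrDefault(role, Set.of()).contains(wanted)) {
                return VotingResult.ALLOW;
            }
        }
        return VotingResult.NOT_APPLICABLE; // no role covers it: this voter has no opinion
    }
}
```
</pre>
<div>The voter never returns DENY: a missing role grant only means this voter has nothing to say, so an unknown role or operation cannot be turned into an accidental allow.</div>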
</body>
</html>