<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Rahul,<br>
<br>
They are fundamentally two very different things. A role is
typically used to define a set of users for which specific
privileges are to be assigned, while a permission is used to
control access to application resources or services. A permission
check can actually use the user's roles to determine whether the
user has the necessary privilege to perform an action. Here's a
couple of pseudo-code examples to make this a little clearer:<br>
<br>
<br>
1. Restricting access to a method based on the user's role:<br>
<br>
@RolesAllowed("admin")<br>
public void doProtectedOperation() {<br>
...<br>
}<br>
<br>
2. Restricting access to a method to users with permission to
cancel a specific "order":<br>
<br>
public void cancelOrder(@HasPermission("cancel") Order order) {<br>
...<br>
}<br>
<br>
Hope that helps!<br>
<br>
Shane<br>
<br>
On 06/05/2014 09:13 AM, Rahul Mahindrakar wrote:<br>
</div>
<blockquote
cite="mid:CACkztbRk1prtvtBQJc8qHVygTjFMdZooKyK3-m3QOYssXuU3rA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>Hi<br>
<br>
</div>
I have not been able to have a grasp of the difference
between the usage of Role and permissions.<br>
<br>
</div>
Can someone guide me in this direction<br>
<br>
</div>
Thanks<br>
Rahul <br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
security-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/security-dev">https://lists.jboss.org/mailman/listinfo/security-dev</a></pre>
</blockquote>
<br>
</body>
</html>