[wildfly-dev] add rbac support to picketlink

Claudio Miranda claudio at claudius.com.br
Tue Feb 11 08:09:43 EST 2014


Hi, I plan to add rbac support to picketlink console + extension
(https://github.com/picketlink2/picketlink-console)

I read the https://community.jboss.org/wiki/AccessControlNotes pages
and docs; I understood they explain the design of the rbac
solution and not how to use it.

But I would like more guidance related to the code samples and how to
protect resources according to the role the user is associated with.

I understand there are two places to protect resources,
- management level, protect CLI and GUI operations
- GUI, protect and hide features from unauthorized users.

Should I first protect the management operations, used in management
operations, at the extension level,
and then proceed to protect the HAL extension?


I looked into org.jboss.as.console.client.shared.subsys.mail.MailPresenter
to see how it is used to protect resources, but could not find how the "add",
"remove", "enable" buttons are hidden.

What does the annotation in the code mean?

    @ProxyCodeSplit
    @NameToken(NameTokens.MailPresenter)
    @AccessControl(resources = {"{selected.profile}/subsystem=mail/mail-session=*"})
    public interface MyProxy extends Proxy<MailPresenter>, Place {}

Does @AccessControl read the resource permission and inject some
code so that HAL understands it needs to protect it?

If you can provide some guidance, it would be very appreciated.

Thanks
-- 
  Claudio Miranda

claudio at claudius.com.br
http://www.claudius.com.br

