But if you are supporting multiple roles, you can't avoid such issue.

For example:

@Secure({"developer", "simple"})
public void destroyEverything(){
// access the nuclear reactor
}

So the interceptor will look into this method and say "geez we have
simple role here" and bang!

What would be the solution for such problem?

Sebastien Blanc wrote:
> Well, I was thinking of annotating methods, so delete all the thing
> will be only for "developer" and "admin"

--
abstractj



_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev