Hi,
We (Jonathan and I) had a chat today with Shane Bryzak about how we could implement
fine-grained security. To give a little context, Jonathan felt a need for something like
that when integrating errai-security into the TODO list demo. He wants users to be able to
share their lists with others. Another use for this would be in navigation, where a user
can be shown a page only if the request parameter combination is allowed for the specific
user.

PicketLink supports fine-grained security when one implements a Service Provider Interface:

    import java.io.Serializable;

    public interface PermissionResolver
    {
        public enum PermissionStatus {
            ALLOW, DENY, NOT_APPLICABLE
        }

        PermissionStatus hasPermission(Object resource, String operation);

        PermissionStatus hasPermission(Class<?> resourceClass, Serializable identifier,
                String operation);
    }

Now the only thing we need to figure out is a way to fit this into an API so that
it's not PicketLink-specific. And even better, have it declarative, but it seems to be
too fine-grained to do that.

I've created some issues already to track work on these things.

Any thoughts?
Erik Jan
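
The list-sharing case from the message, sketched against the interface it quotes. This is an added example, not part of the original message and not PicketLink or Errai code. The `TodoList` and `TodoListResolver` types, the "read" and "delete" operation names, and the rule for combining resolver results are all assumptions made for illustration.

```java
import java.io.Serializable;
import java.util.*;

public class SharedListDemo {
    // Interface as quoted in the message above.
    interface PermissionResolver {
        enum PermissionStatus { ALLOW, DENY, NOT_APPLICABLE }
        PermissionStatus hasPermission(Object resource, String operation);
        PermissionStatus hasPermission(Class<?> resourceClass, Serializable identifier, String operation);
    }

    // Hypothetical domain object: a TODO list with an owner and the users it is shared with.
    record TodoList(long id, String owner, Set<String> sharedWith) {}

    // Hypothetical resolver: the owner may do anything, shared users may only "read".
    record TodoListResolver(String currentUser, Map<Long, TodoList> store) implements PermissionResolver {
        public PermissionStatus hasPermission(Object resource, String operation) {
            if (!(resource instanceof TodoList list)) return PermissionStatus.NOT_APPLICABLE;
            if (list.owner().equals(currentUser)) return PermissionStatus.ALLOW;
            boolean sharedRead = list.sharedWith().contains(currentUser) && "read".equals(operation);
            return sharedRead ? PermissionStatus.ALLOW : PermissionStatus.DENY;
        }
        public PermissionStatus hasPermission(Class<?> resourceClass, Serializable identifier, String operation) {
            if (resourceClass != TodoList.class) return PermissionStatus.NOT_APPLICABLE;
            TodoList list = store.get(identifier);   // an unknown id is denied
            return list == null ? PermissionStatus.DENY : hasPermission(list, operation);
        }
    }

    // Assumed combining policy (not taken from PicketLink): any DENY wins,
    // and at least one ALLOW is required, so "nobody had an opinion" means denied.
    static boolean isAllowed(List<PermissionResolver> resolvers, Object resource, String operation) {
        boolean allowed = false;
        for (PermissionResolver r : resolvers) {
            PermissionResolver.PermissionStatus s = r.hasPermission(resource, operation);
            if (s == PermissionResolver.PermissionStatus.DENY) return false;
            if (s == PermissionResolver.PermissionStatus.ALLOW) allowed = true;
        }
        return allowed;
    }

    public static void main(String[] args) {
        TodoList list = new TodoList(1L, "jonathan", Set.of("erik"));   // constructed sample data
        Map<Long, TodoList> store = Map.of(list.id(), list);
        List<PermissionResolver> erik = List.of(new TodoListResolver("erik", store));
        System.out.println(isAllowed(erik, list, "read"));          // case: shared user reading
        System.out.println(isAllowed(erik, list, "delete"));        // case: shared user deleting
        System.out.println(isAllowed(erik, "not a list", "read"));  // case: no resolver applies
    }
}
```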