Re: [jboss-as7-dev] Securing the Console
On 1/25/11 8:25 AM, Heiko Braun wrote:
On Jan 25, 2011, at 12:35 PM, Darran Lofthouse wrote:
> Another aspect to consider is that values in the model can be described as "read
only" and "read write"
IMO this distinction doesn't make sense at all. All attributes are read-only by
default and for operations you don't know
if they change state (guess this would be called 'write'). IMO we should drop
these weak classifications and simply use a role based approach. Similar to the EE specs.
Either can execute the operation or you can't, depending wether or nor you inherit a
particular role.
Sure, in the end each operation[1] has roles associated with it. This
more a configuration issue; do we require users to specify the roles for
each individual operation, or are there certain common aspects to sets
of operations that can provide a useful shorthand? If there are, we need
to know what they are.
[1] reading/writing an attribute and reading a resource are in the end
just operations
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat