Author: shane.bryzak(a)jboss.com
Date: 2008-10-05 02:49:45 -0400 (Sun, 05 Oct 2008)
New Revision: 9193
Modified:
trunk/doc/Seam_Reference_Guide/en-US/Security.xml
Log:
JBSEAM-3446
Modified: trunk/doc/Seam_Reference_Guide/en-US/Security.xml
===================================================================
--- trunk/doc/Seam_Reference_Guide/en-US/Security.xml 2008-10-04 16:04:51 UTC (rev 9192)
+++ trunk/doc/Seam_Reference_Guide/en-US/Security.xml 2008-10-05 06:49:45 UTC (rev 9193)
@@ -133,9 +133,10 @@
to authenticate users. This method takes no parameters, and is expected to
return a boolean, which indicates
whether authentication is successful or not. The user's username and
password can be obtained from
<literal>Credentials.getUsername()</literal> and
<literal>Credentials.getPassword()</literal>,
- respectively. Any roles that the user is a member of should be assigned using
- <literal>Identity.addRole()</literal>. Here's a complete example
of an authentication method
- inside a POJO component:
+ respectively (you can get a reference to the
<literal>credentials</literal> component via
+ <literal>Identity.instance().getCredentials()</literal>). Any roles
that the user is a member of
+ should be assigned using <literal>Identity.addRole()</literal>.
Here's a complete example of an
+ authentication method inside a POJO component:
</para>
<programlisting
role="JAVA"><![CDATA[@Name("authenticator")
@@ -2824,10 +2825,9 @@
<para>
If no expression is specified in the <literal>@Restrict</literal>
annotation, the default security check
- that is performed is a permission check of
<literal>entityName:action</literal>,
- where <literal>entityName</literal> is the Seam component name of the
entity (or the fully-qualified class name if no @Name is
- specified), and the <literal>action</literal> is either
<literal>read</literal>,
- <literal>insert</literal>, <literal>update</literal> or
<literal>delete</literal>.
+ that is performed is a permission check of
<literal>entity:action</literal>, where the permission target
+ is the entity instance, and the <literal>action</literal> is either
<literal>read</literal>, <literal>insert</literal>,
+ <literal>update</literal> or <literal>delete</literal>.
</para>
<para>