[
https://issues.jboss.org/browse/SEAMFACES-33?page=com.atlassian.jira.plug...
]
Brian Leathem commented on SEAMFACES-33:
----------------------------------------
I had initially thought of creating a Faces @Restrict tag, that would use EL to grant/deny
access to a page.
Shane pointed out we should rather be using the typesafe security annotations from Seam
security (an optional Dependency). The app dev would build annotations that are annotated
with @SecurityBindingType, and put these annotations in the @ViewConfig enum.
Faces will listen for the PostConstructViewMapEvent, retrieve the list of
@SecurityBindingType annotations from the @ViewConfig, then throw a CheckSecuredViewEvent.
The Seam Security module will observe it, do the security check, and return a boolean.
Not as straightforward as @Restrict(#{expersionLanguage}), but type safety is definitely a
big benefit.
Create a solution for consolidated page-flow, transactional control,
security constraints and URL-rewriting configuration
-------------------------------------------------------------------------------------------------------------------------
Key: SEAMFACES-33
URL:
https://issues.jboss.org/browse/SEAMFACES-33
Project: Seam Faces
Issue Type: Feature Request
Components: Configuration API
Reporter: Lincoln Baxter III
Assignee: Brian Leathem
Priority: Blocker
Fix For: 3.0.0.Final
We need a solution to address consolidated page-flow, transactional control, security
constraints, and perhaps URL-rewriting -- all in one place.
It has been previously discussed that a type-safe API be possible for this - which is
definitely preferred over XML configuration:
http://old.nabble.com/Replacing-pages.xml-td27649799.html
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira