Of course, that's totally up to you.
The permission check SPI [1] is easily extensible and allows you
to apply whichever business logic you like to determine whether
the permission is granted or not.
[1]
public interface PermissionVoter {
    public enum VotingResult { ALLOW, DENY, NOT_APPLICABLE }

    VotingResult hasPermission(IdentityType recipient, Object resource,
                               String operation);

    VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass,
                               Serializable identifier, String operation);
}
On 06/05/2014 09:40 AM, Rahul Mahindrakar wrote:
Is it possible to aggregate permissions under roles?
This makes it easier to grant roles to a user and thereby a
large set of permissions.
Hi Rahul,
They are fundamentally two very different things. A role is
typically used to define a set of users for which specific
privileges are to be assigned, while a permission is used to
control access to application resources or services. A
permission check can actually use the user's roles to determine
whether the user has the necessary privilege to perform an
action. Here's a couple of pseudo-code examples to make this a
little clearer:
1. Restricting access to a method based on the user's role:

    @RolesAllowed("admin")
    public void doProtectedOperation() {
        ...
    }

2. Restricting access to a method to users with permission to
cancel a specific "order":

    public void cancelOrder(@HasPermission("cancel") Order order) {
        ...
    }

Hope that helps!
Shane
On 06/05/2014 09:13 AM, Rahul Mahindrakar wrote:
Hi
I have not been able to have a grasp of the difference
between the usage of Role and permissions.
Can someone guide me in this direction?
Thanks
Rahul
_______________________________________________
security-dev mailing list
security-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
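
Added example, not part of the original thread and not PicketLink's own code: one way the PermissionVoter SPI quoted above could aggregate permissions under roles, so that granting a role grants its whole permission set. IdentityType is a local stand-in, and the role lookup function, the "ResourceType:operation" grant format, the role name and the sample user are all assumptions made for illustration.

```java
import java.io.Serializable;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

// Stand-in so the example compiles without PicketLink on the classpath (assumption).
interface IdentityType {}

// The SPI as quoted in the thread.
interface PermissionVoter {
    enum VotingResult { ALLOW, DENY, NOT_APPLICABLE }
    VotingResult hasPermission(IdentityType recipient, Object resource, String operation);
    VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass,
                               Serializable identifier, String operation);
}

// Hypothetical voter: a role name maps to a set of "ResourceType:operation" grants.
public class RolePermissionVoter implements PermissionVoter {
    private final Map<String, Set<String>> grantsByRole;
    private final Function<IdentityType, Set<String>> rolesOf; // hypothetical role lookup
    public RolePermissionVoter(Map<String, Set<String>> grantsByRole,
                               Function<IdentityType, Set<String>> rolesOf) {
        this.grantsByRole = grantsByRole;
        this.rolesOf = rolesOf;
    }
    @Override
    public VotingResult hasPermission(IdentityType recipient, Object resource, String operation) {
        if (resource == null) return VotingResult.NOT_APPLICABLE;
        return hasPermission(recipient, resource.getClass(), null, operation);
    }
    @Override
    public VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass,
                                      Serializable identifier, String operation) {
        if (recipient == null || resourceClass == null || operation == null)
            return VotingResult.NOT_APPLICABLE;
        String wanted = resourceClass.getSimpleName() + ":" + operation;
        for (String role : rolesOf.apply(recipient)) {
            if (grantsByRole.getOrDefault(role, Set.of()).contains(wanted)) return VotingResult.ALLOW;
        }
        return VotingResult.NOT_APPLICABLE; // abstain rather than DENY when no role grants it
    }
    public static void main(String[] args) {
        class Order {}                              // constructed sample resource type
        IdentityType alice = new IdentityType() {}; // constructed sample user
        PermissionVoter voter = new RolePermissionVoter(
            Map.of("order-manager", Set.of("Order:cancel", "Order:read")),
            id -> id == alice ? Set.of("order-manager") : Set.of());
        System.out.println(voter.hasPermission(alice, new Order(), "cancel"));
        System.out.println(voter.hasPermission(alice, new Order(), "delete"));
    }
}
```

The voter never returns DENY on its own: a role that lacks a grant leaves the decision open, so an explicit deny rule would have to be a separate, deliberate choice.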