[wildfly-dev] add rbac support to picketlink

Hi, I plan to add rabc support to picketlink console + extension (https://github.com/picketlink2/picketlink-console) I read the https://community.jboss.org/wiki/AccessControlNotes pages and docs, I understood they explain about the design of the rbac solution and not how to use it. But I would like more guidance related to the code samples and how to protect resources accordingly to the role the user is associated. I understand there are two places to protect resources, - management level, protect CLI and GUI operations - GUI protect and hide features from unauthorized users. Should I first protect the management operations, used in management operations, at the extension level ? then proceed to protect the HAL extension ? I looked into org.jboss.as.console.client.shared.subsys.mail.MailPresenter, how it is used to protect resources, but could not find how the "add", "remove" "enable" buttons are hidden. What means the annotation in the code. @ProxyCodeSplit @NameToken(NameTokens.MailPresenter) @AccessControl(resources = {"{selected.profile}/subsystem=mail/mail-session=*"}) public interface MyProxy extends Proxy<MailPresenter>, Place {} Does @AccessControl reads the resource permission and injects some code to HAL understood it needs to protect it ? If you can provide some guidance, would be very appreciated. Thanks -- Claudio Miranda claudio(a)claudius.com.br http://www.claudius.com.br