[jboss-as7-dev] Securing the Console

Heiko Braun hbraun at redhat.com
Tue Jan 25 09:25:17 EST 2011


On Jan 25, 2011, at 12:35 PM, Darran Lofthouse wrote:

> Another aspect to consider is that values in the model can be described as "read only" and "read write" 


IMO this distinction doesn't make sense at all. All attributes are read-only by default, and for operations you don't know if they change state (guess this would be called 'write'). IMO we should drop these weak classifications and simply use a role-based approach, similar to the EE specs. Either you can execute the operation or you can't, depending on whether or not you inherit a particular role.









