[jboss-cvs] jboss-seam/doc/reference/en/modules ...
Shane Bryzak
Shane_Bryzak at symantec.com
Mon Feb 12 02:55:49 EST 2007
User: sbryzak2
Date: 07/02/12 02:55:49
Modified: doc/reference/en/modules security.xml
Log:
JBSEAM-732 entity security
Revision Changes Path
1.30 +22 -11 jboss-seam/doc/reference/en/modules/security.xml
(In the diff below, changes in quantity of whitespace are not shown.)
Index: security.xml
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/doc/reference/en/modules/security.xml,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -b -r1.29 -r1.30
--- security.xml 10 Feb 2007 05:46:58 -0000 1.29
+++ security.xml 12 Feb 2007 07:55:49 -0000 1.30
@@ -604,13 +604,14 @@
<title>Securing Entities</title>
<para>
- Seam security also makes it possible to apply security restrictions to insert, update and
+ Seam security also makes it possible to apply security restrictions to read, insert, update and
delete actions for entities. The security check performed for these operations (on entities
for which security is enabled) is the permission check <literal>entityName:action</literal>,
where <literal>entityName</literal> is the name of the entity (or the class name if no @Name is
- specified), and the <literal>action</literal> is either <literal>insert</literal>,
- <literal>update</literal>, or <literal>delete</literal>. Here's an example of an entity
- permission rule from the seamspace example:
+ specified), and the <literal>action</literal> is either <literal>read</literal>,
+ <literal>insert</literal>, <literal>update</literal>, or <literal>delete</literal>. Here's an
+ example of an entity permission rule that checks if the authenticated user is allowed to create
+ a new blog entry (from the seamspace example):
</para>
<programlisting>
@@ -634,20 +635,22 @@
</para>
<sect3>
- <title>Entity security using JPA</title>
+ <title>Entity security with JPA</title>
<para>
Security checks for EJB3 entity beans are performed with an <literal>EntityListener</literal>.
- To secure individual entity beans, add the <literal>@EntityListeners</literal> annotation like so:
+ To secure individual entity beans, add both <literal>@Restrict</literal> and
+ <literal>@EntityListeners</literal> annotations like so:
</para>
<programlisting>
<![CDATA[
import javax.persistence.EntityListeners;
-import org.jboss.seam.security.SecurityEntityListener;
+import org.jboss.seam.security.JPASecurityListener;
@Entity
@Name("customer")
- at EntityListeners(SecurityEntityListener.class)
+ at EntityListeners(JPASecurityListener.class)
+ at Restrict
public class Customer {
...
}
@@ -655,9 +658,17 @@
</programlisting>
</sect3>
+ <sect3>
+ <title>Entity security with Hibernate</title>
<para>
-
+ If you are using Hibernate as your application's ORM, securing entity beans is as simple as
+ adding a <literal>@Restrict</literal> annotation, as long as you use the
+ <literal>HibernateSessionFactory</literal> provided with Seam. This component will create
+ a <literal>SessionFactory</literal> that is configured to use <literal>HibernateSecurityInterceptor</literal>,
+ a Hibernate interceptor similar to the JPA entity listener described above that checks for permissions
+ on restricted entities.
</para>
+ </sect3>
</sect2>
</sect1>
More information about the jboss-cvs-commits
mailing list