[jboss-dev-forums] [Design of JBoss jBPM] - Re: commands & EJB 3
tom.baeyens@jboss.com
do-not-reply at jboss.com
Sun Feb 18 04:36:29 EST 2007
The method in the authorization service looks like this
void checkPermission(Permission permission) throws AccessControlException;
the idea is that in the jbpm code, we should just check for jbpm type of permissions. e.g. org.jbpm.permission.TokenPermission or org.jbpm.permission.TaskPermission (to be created).
in the authorization service checkPermission method, you could then map these permissions to EjbRoleRefPermissions WebRolePermission (or something like that) from the JACC specification and then use the SecurityManager to perform the actual check. the result will be a role check as if it was done inside of the webapp or ejb's.
does this help you further ?
regards, tom.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018466#4018466
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018466
More information about the jboss-dev-forums
mailing list