[jboss-user] [Security & JAAS/JBoss] - Re: Check access to bean methods from bean

[matt10]

j2ee_junkie,

Thanks for your input.

I trivialised my use case as enabling/disabling menu items for the sake of forum post.

My client is not so much a fat client as an automatic user interface which exposes business methods directly to the user. It generates forms and offers functionality with little or no client-side coding required. It creates wizards to gather parameters required to invoke business processes and interacts JBPM business processes with the user.

The user interface metadata, hints, such as "Group these fields visually" and "Show a full-size calendar here rather than a date control" are attached to the business methods on the bean and to parameters and passed to the client along with datasets. This allows rapid development of CRUD functionality and easy exposing of new useful-to-business code to the user.

I agree with what you are saying in general use but the client is agnostic to the session beans and entities it is working with. Many methods are exposed to the User rather than the client, hence checking if the User can access the Method, where the method is accessible to the user.

If you still think I am using the wrong strategy I am happy to debate :)

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3963661#3963661

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3963661