[jboss-user] [JBoss Seam] - Re: seam-security example

[sbryzak2]

The security API is still under heavy construction and I've yet to write documentation for it.  The @Secure annotation is used to "secure" access to a component or component method by specifying which roles or permissions are required to be able to invoke it.  

Within the security API there are two types of permissions; "static" and "dynamic" (those are the best descriptions I can come up with).  Static permissions are intended to be allocated to roles at initialization time, and to answer your question about how to set up user/roles with permissions, this bit isn't implemented yet.

Dynamic permissions are used when you need to make a decision based on some contextual information whether a permission should be granted or not.

The checkPermission() call is necessary because it performs an explicit permissions check against the specified object using its ACL - something that you can't do with an annotation.  This is the functionality I'm currently working on, and as a result the security example may break occasionally.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985641#3985641

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985641