[jboss-user] [JBoss Seam] - Re: seam-security example
sbryzak2
do-not-reply at jboss.com
Mon Nov 13 18:23:42 EST 2006
The security API is still under heavy construction and I've yet to write documentation for it. The @Secure annotation is used to "secure" access to a component or component method by specifying which roles or permissions are required to be able to invoke it.
Within the security API there are two types of permissions; "static" and "dynamic" (those are the best descriptions I can come up with). Static permissions are intended to be allocated to roles at initialization time, and to answer your question about how to set up user/roles with permissions, this bit isn't implemented yet.
Dynamic permissions are used when you need to make a decision based on some contextual information whether a permission should be granted or not.
The checkPermission() call is necessary because it performs an explicit permissions check against the specified object using its ACL - something that you can't do with an annotation. This is the functionality I'm currently working on, and as a result the security example may break occasionally.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985641#3985641
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985641
More information about the jboss-user
mailing list