[jboss-user] [JBoss Seam] - Re: Security - Define dynamic Role in application

markfoerstein do-not-reply at jboss.com
Mon Apr 23 13:55:08 EDT 2007


Hi Shane,

I don't know what stsheak wants exactly, but I was about to ask a similar question, so I will use this topic instead of opening a new one.

I've successfully implemented authentication and authorization using Seam security. It works great.

I defined my roles on the database and bound many roles to one user, and many users to one role. When the user logs in, I get his roles. That's ok and works perfectly.

I defined permissions using JBoss Rules. Then I annotated the methods with @Restrict, configured the exceptions on pages.xml, etc... That's ok and works perfectly.

JBoss Rules is nice, but it would be better if I could get the roles permissions from the database. How can I do that and still use Seam security annotations like @Restrict to validate authorization?

The problem is, when creating a new role or changing permissions, I have to edit drool's security files to explicity set the permissions, which means that every new role and permission must be done changing application code.

What I want is to have an "admin" user log in the application, access a "create/edit role" action, define its permissions and bind the roles to the users (this last one I can do already).

That way, I don't need to change my application code, no redeploy, and no hard-coded permissions into drool's files. The "admin" user is free to do what he wants.

Thanks for any help.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4039958#4039958

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4039958



More information about the jboss-user mailing list