[jboss-user] [JBoss Seam] - Re: who can explain the security features demonstrate in the
shane.bryzak@jboss.com
do-not-reply at jboss.com
Mon Nov 26 19:20:30 EST 2007
"wuhaixing" wrote : In the seamspace project,security-rule.drl has the following code snippet I donn't know why.
| 1.
| check: PermissionCheck(name == "memberImage", action == "view", granted == false)
| there is a memberImage component,but where is the action view?
|
In ContentAction:
if (img == null || !Identity.instance().hasPermission("memberImage", "view", img))
"wuhaixing" wrote : 2.
| check: PermissionCheck(name == "blog", action == "create", granted == false)
| Does this mean Statful session bean BlogAction create is restircted?
|
No, this permission is used to control the display of a link in profile.xhtml:
<s:span rendered="#{s:hasPermission('blog', 'create', selectedMember)}">
"wuhaixing" wrote : 3.
| check: PermissionCheck(name == "friendComment", action == "create", granted == false)
| Restrict @Factory("friendComment")?and where is action create?
|
This is also in profile.xhtml:
<s:span rendered="#{s:hasPermission('friendComment', 'create', selectedMember.friends)}">
And the permission is checked in FriendAction:
Identity.instance().checkRestriction("#{s:hasPermission('friendComment', 'create', friends)}");
"wuhaixing" wrote : 4.
| @Restrict is not required to invoke permission check?
No, a permission check can be also be performed via Identity.checkRestriction().
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4107903#4107903
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4107903
More information about the jboss-user
mailing list