[jboss-user] [JBoss Seam] - Re: who can explain the security features demonstrate in the

shane.bryzak@jboss.com do-not-reply at jboss.com
Mon Nov 26 19:20:30 EST 2007

"wuhaixing" wrote : In the seamspace project,security-rule.drl has the following code snippet I donn't know why.
  | 1.
  | check: PermissionCheck(name == "memberImage", action == "view", granted == false)
  | there is a memberImage component,but where is the action view?

In ContentAction:

      if (img == null || !Identity.instance().hasPermission("memberImage", "view", img))

"wuhaixing" wrote : 2.
  | check: PermissionCheck(name == "blog", action == "create", granted == false)
  | Does this mean Statful session bean BlogAction create is restircted?

No, this permission is used to control the display of a link in profile.xhtml:

          <s:span rendered="#{s:hasPermission('blog', 'create', selectedMember)}">

"wuhaixing" wrote : 3.
  | check: PermissionCheck(name == "friendComment", action == "create", granted == false)
  | Restrict @Factory("friendComment")?and where is action create?

This is also in profile.xhtml:

          <s:span rendered="#{s:hasPermission('friendComment', 'create', selectedMember.friends)}">

And the permission is checked in FriendAction:
         Identity.instance().checkRestriction("#{s:hasPermission('friendComment', 'create', friends)}");

"wuhaixing" wrote : 4.
  | @Restrict is not required to invoke permission check?

No, a permission check can be also be performed via Identity.checkRestriction().

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4107903#4107903

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4107903

More information about the jboss-user mailing list