[jboss-user] [JBoss Seam] - Re: Can we security @Factory?

shane.bryzak@jboss.com do-not-reply at jboss.com
Mon Nov 26 19:31:35 EST 2007


That particular permission is checked inline, not using @Restrict.  However, if you look at BlogAction, you'll see that the createComment() method does use @Restrict and @Factory:

   @Factory("comment") @Restrict @Begin(join = true)
  |    public void createComment()

The corresponding security rule is this one:


rule CreateBlogComment
  |   no-loop
  |   activation-group "permissions"
  | when
  |   check: PermissionCheck(name == "blog", action == "createComment", granted == false)
  |   Role(name == "user")
  | then
  |   check.grant();
  | end

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4107906#4107906

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4107906



More information about the jboss-user mailing list