[jboss-user] [JBoss Seam] - Re: Tricky Q on Hibernate filters and roles

EricJava do-not-reply at jboss.com
Thu Jan 24 05:07:06 EST 2008


I think I know what I should do.

1. Go ahead and use a filter if I want to, for my convenience, but not as a security mechanism.

2. Put a @Restrict annotation on the entities, and then use JBoss Rules to restrict various operations by roles, etc.  So I could say, a sysadmin can look at any object in any domain, but only domain members could look at objects in their domain, and only domain members with write permissions can create, update or delete objects.

Does that sound right?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4122959#4122959

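The policy described in point 2 of the post, written out as a deny-by-default check. This is an added example, not code from the post or from Seam. It is a plain-Java model (Java 16+ for records) that uses no Seam or JBoss Rules API, and the type names, role string and sample users are hypothetical. It reads the post literally, so a sysadmin who is not a domain member can look at objects but not modify them.

```java
import java.util.Map;
import java.util.Set;

// Added illustration: plain-Java model of the policy in point 2 (no Seam or Drools API).
public class DomainPolicy {
    enum Action { READ, CREATE, UPDATE, DELETE }

    // Hypothetical types. A key in `memberships` means the user belongs to that
    // domain; the value says whether the membership carries write permission.
    record User(String name, Set<String> roles, Map<String, Boolean> memberships) {}
    record DomainObject(long id, String domain) {}

    // Deny by default; each branch corresponds to one clause of the policy.
    static boolean permitted(User u, Action a, DomainObject o) {
        Boolean canWrite = u.memberships().get(o.domain()); // null when not a member
        if (a == Action.READ) {
            // A sysadmin reads anything; members read objects in their own domain.
            return u.roles().contains("sysadmin") || canWrite != null;
        }
        // Create, update, delete: domain members with write permission only.
        return Boolean.TRUE.equals(canWrite);
    }

    // Enforcement point: called for every entity operation, however the entity
    // was obtained, so it does not rely on a query filter having been enabled.
    static void check(User u, Action a, DomainObject o) {
        if (!permitted(u, a, o)) {
            throw new SecurityException(u.name() + " may not " + a + " object "
                    + o.id() + " in domain " + o.domain());
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        User root = new User("root", Set.of("sysadmin"), Map.of());
        User alice = new User("alice", Set.of(), Map.of("sales", true));
        User bob = new User("bob", Set.of(), Map.of("sales", false));
        DomainObject salesDoc = new DomainObject(1, "sales");
        DomainObject hrDoc = new DomainObject(2, "hr");

        check(root, Action.READ, hrDoc);        // sysadmin, any domain
        check(alice, Action.UPDATE, salesDoc);  // member with write permission
        check(bob, Action.READ, salesDoc);      // read-only member
        try {
            check(bob, Action.DELETE, salesDoc); // read-only member attempting a write
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```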