[jboss-user] [JBoss Seam] - Re: Setting Authorization Roles
asookazian
do-not-reply at jboss.com
Thu Jan 24 13:35:10 EST 2008
"shane.bryzak at jboss.com" wrote : You can place a element within a element inside pages.xml, like this:
|
| <page view-id="/orderDetail.xhtml">
| | <restrict>#{s:hasRole('admin')}</restrict>
| | </page>
What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml? for example, storing the role information in a RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session.
Is it even necessary to do this? the argument bein that roles for page level access do not change frequently enough to need real-time updates?
Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSF's instead of using s:hasPermission?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123159#4123159
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4123159
More information about the jboss-user
mailing list