[jboss-user] [JBoss Seam] - Re: Setting Authorization Roles

asookazian do-not-reply at jboss.com
Thu Jan 24 13:35:10 EST 2008

"shane.bryzak at jboss.com" wrote : You can place a  element within a  element inside pages.xml, like this:
  |     <page view-id="/orderDetail.xhtml">
  |   |       <restrict>#{s:hasRole('admin')}</restrict>
  |   |     </page>

What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml?  for example, storing the role information in a RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session.

Is it even necessary to do this?  the argument bein that roles for page level access do not change frequently enough to need real-time updates?

Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSF's instead of using s:hasPermission?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123159#4123159

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4123159

More information about the jboss-user mailing list