[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1224) Consider integration of security with App Framework

Pete Muir (JIRA) jira-events at lists.jboss.org
Sun Apr 22 17:43:30 EDT 2007

    [ http://jira.jboss.com/jira/browse/JBSEAM-1224?page=comments#action_12360161 ] 
Pete Muir commented on JBSEAM-1224:

As you said, it's something we should consider; if nothing else, provide a section in the doc discussing a pattern for securing an app based on Home objects.

> Consider integration of security with App Framework
> ---------------------------------------------------
>                 Key: JBSEAM-1224
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1224
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Core, Security
>    Affects Versions: 1.2.1.GA
>            Reporter: Pete Muir
>         Assigned To: Shane Bryzak
> From the forums:
> 'One downside to using EntityHome for generic CRUD is lack of built-in security.  One needs to be careful when using Homes for CRUD operations that allow or require RequestParameters.  You need to ensure the operation on this ID is valid.  You don't want to expose information you shouldn't and you definitely don't want to modify or destroy information you shouldn't.
> For example, you don't want a user to update or delete another user's entity just by changing an ID in the URL and hitting return.  Seam supports entity level security and you can probably extend a Home to double check access restrictions prior to operations.  Likewise, you don't want private information available on, let's say, a user profile screen to be available to anyone able to modify a URL.'

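The pattern the quoted forum post describes (extending a Home so that access is re-checked before each operation), as an added example that is not part of the original message or of Seam's code. It is a plain-Java model: `ProfileHome`, `SecuredProfileHome` and `Profile` are hypothetical stand-ins, not Seam's `EntityHome` or its security API, and the records are constructed sample data.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed, plain-Java model of the pattern; these classes are hypothetical
// stand-ins and are not Seam's EntityHome or Identity API.
public class OwnedHomeDemo {
    record Profile(long id, String owner, String email) {}

    // Unchecked "home": trusts whatever id arrives from the request parameter.
    static class ProfileHome {
        protected final Map<Long, Profile> store;
        ProfileHome(Map<Long, Profile> store) { this.store = store; }
        Profile find(long id) { return store.get(id); }
        void remove(long id) { store.remove(id); }
    }

    // Hardened subclass: every operation re-checks ownership against the
    // authenticated user, never against anything supplied in the URL.
    static class SecuredProfileHome extends ProfileHome {
        private final String currentUser;
        SecuredProfileHome(Map<Long, Profile> store, String currentUser) {
            super(store);
            this.currentUser = currentUser;
        }
        private Profile authorized(long id) {
            Profile p = store.get(id);
            // Same failure for "missing" and "not yours" so ids cannot be probed.
            if (p == null || !p.owner().equals(currentUser)) {
                throw new SecurityException("not authorized for id " + id);
            }
            return p;
        }
        @Override Profile find(long id) { return authorized(id); }
        @Override void remove(long id) { authorized(id); store.remove(id); }
    }

    public static void main(String[] args) {
        Map<Long, Profile> db = new HashMap<>();   // constructed sample records
        db.put(1L, new Profile(1, "alice", "alice@example.test"));
        db.put(2L, new Profile(2, "bob", "bob@example.test"));

        ProfileHome home = new SecuredProfileHome(db, "alice");
        System.out.println(home.find(1).email());   // own record: allowed
        try {
            home.remove(2);                          // id changed in the URL
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println("records left: " + db.size());
    }
}
```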

