[security-dev] Permission and Role

Shane Bryzak sbryzak at redhat.com
Wed Jun 4 19:46:13 EDT 2014


Of course, that's totally up to you. The permission check SPI [1] is 
easily extensible and allows you to apply whichever business logic you 
like to determine whether the permission is granted or not.

[1]
public interface PermissionVoter {
     public enum VotingResult { ALLOW, DENY, NOT_APPLICABLE }

     VotingResult hasPermission(IdentityType recipient, Object resource, String operation);

     VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass,
             Serializable identifier, String operation);
}

On 06/05/2014 09:40 AM, Rahul Mahindrakar wrote:
> Is it possible to aggregate permissions under roles?
>
> This makes it easier to grant roles to a user and thereby a large set 
> of permissions.
> ------------------------------------------------------------------------
> From: Shane Bryzak <mailto:sbryzak at redhat.com>
> Sent: 2014-06-05 01:29
> To: security-dev at lists.jboss.org <mailto:security-dev at lists.jboss.org>
> Subject: Re: [security-dev] Permission and Role
>
> Hi Rahul,
>
> They are fundamentally two very different things.  A role is typically 
> used to define a set of users for which specific privileges are to be 
> assigned, while a permission is used to control access to application 
> resources or services.  A permission check can actually use the user's 
> roles to determine whether the user has the necessary privilege to 
> perform an action.  Here's a couple of pseudo-code examples to make 
> this a little clearer:
>
>
> 1. Restricting access to a method based on the user's role:
>
> @RolesAllowed("admin")
> public void doProtectedOperation() {
>    ...
> }
>
> 2. Restricting access to a method to users with permission to cancel a 
> specific "order":
>
> public void cancelOrder(@HasPermission("cancel") Order order) {
>    ...
> }
>
> Hope that helps!
>
> Shane
>
> On 06/05/2014 09:13 AM, Rahul Mahindrakar wrote:
>> Hi
>>
>> I have not been able to have a grasp of the difference between the 
>> usage of Role and permissions.
>>
>> Can someone guide me in this direction
>>
>> Thanks
>> Rahul
>
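
Added example, not part of the original thread and not the project's own code: one way a voter implementing the interface posted above could aggregate permissions under roles. `RoleLookup`, the grant map, `Order`, and the stand-in `IdentityType`/`PermissionVoter` declarations are assumptions made so the file compiles on its own.

```java
import java.io.Serializable;
import java.util.*;

public class RolePermissionVoter implements PermissionVoter {
    private final Map<String, Set<String>> grants; // role -> "Type:operation" entries
    private final RoleLookup roles;
    RolePermissionVoter(Map<String, Set<String>> grants, RoleLookup roles) {
        this.grants = grants; this.roles = roles;
    }

    public VotingResult hasPermission(IdentityType recipient, Object resource, String operation) {
        if (resource == null) return VotingResult.NOT_APPLICABLE;
        return vote(recipient, resource.getClass(), operation);
    }

    // The identifier is ignored: a role grant covers every instance of the type.
    public VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass,
                                      Serializable identifier, String operation) {
        return vote(recipient, resourceClass, operation);
    }

    private VotingResult vote(IdentityType recipient, Class<?> type, String operation) {
        String wanted = type.getSimpleName() + ":" + operation;
        for (String role : roles.rolesOf(recipient)) {
            if (grants.getOrDefault(role, Set.of()).contains(wanted)) return VotingResult.ALLOW;
        }
        return VotingResult.NOT_APPLICABLE; // abstain: this voter only knows role grants
    }

    public static void main(String[] args) {
        IdentityType clerk = new IdentityType() {}, guest = new IdentityType() {};
        // Constructed sample data: one role carrying two permissions.
        Map<String, Set<String>> grants = Map.of("sales", Set.of("Order:cancel", "Order:read"));
        RoleLookup lookup = u -> u == clerk ? Set.of("sales") : Set.of();
        PermissionVoter voter = new RolePermissionVoter(grants, lookup);
        System.out.println(voter.hasPermission(clerk, new Order(), "cancel"));
        System.out.println(voter.hasPermission(guest, new Order(), "cancel"));
        System.out.println(voter.hasPermission(clerk, Order.class, 42L, "delete"));
    }
}

// Stand-ins so the file compiles alone; the first two mirror the types named in the thread.
interface IdentityType {}
interface PermissionVoter {
    enum VotingResult { ALLOW, DENY, NOT_APPLICABLE }
    VotingResult hasPermission(IdentityType recipient, Object resource, String operation);
    VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass,
                               Serializable identifier, String operation);
}
interface RoleLookup { Set<String> rolesOf(IdentityType user); } // hypothetical role source
class Order {} // constructed sample resource
```

Because the grant is keyed on the resource type only, a per-instance rule (for example, only the owner may cancel a given order) would need a separate voter that inspects the resource or identifier.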
