[security-dev] Permission and Role
Shane Bryzak
sbryzak at redhat.com
Wed Jun 4 19:46:13 EDT 2014
Of course, that's totally up to you. The permission check SPI [1] is
easily extensible and allows you to apply whichever business logic you
like to determine whether the permission is granted or not.
[1]
public interface PermissionVoter {
    public enum VotingResult { ALLOW, DENY, NOT_APPLICABLE }

    VotingResult hasPermission(IdentityType recipient, Object resource,
            String operation);

    VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass,
            Serializable identifier, String operation);
}
On 06/05/2014 09:40 AM, Rahul Mahindrakar wrote:
> Is it possible to aggregate permissions under roles?
>
> This makes it easier to grant roles to a user and thereby a large set
> of permissions.
> ------------------------------------------------------------------------
> From: Shane Bryzak <sbryzak at redhat.com>
> Sent: 2014-06-05 01:29
> To: security-dev at lists.jboss.org
> Subject: Re: [security-dev] Permission and Role
>
> Hi Rahul,
>
> They are fundamentally two very different things. A role is typically
> used to define a set of users for which specific privileges are to be
> assigned, while a permission is used to control access to application
> resources or services. A permission check can actually use the user's
> roles to determine whether the user has the necessary privilege to
> perform an action. Here's a couple of pseudo-code examples to make
> this a little clearer:
>
>
> 1. Restricting access to a method based on the user's role:
>
>     @RolesAllowed("admin")
>     public void doProtectedOperation() {
>         ...
>     }
>
> 2. Restricting access to a method to users with permission to cancel a
> specific "order":
>
>     public void cancelOrder(@HasPermission("cancel") Order order) {
>         ...
>     }
>
> Hope that helps!
>
> Shane
>
> On 06/05/2014 09:13 AM, Rahul Mahindrakar wrote:
>> Hi
>>
>> I have not been able to have a grasp of the difference between the
>> usage of Role and permissions.
>>
>> Can someone guide me in this direction?
>>
>> Thanks
>> Rahul
>
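Added example (not part of the original thread and not PicketLink code): one way to aggregate permissions under roles, as asked above, is a voter that maps each role to the operations it bundles per resource type. IdentityType and PermissionVoter below are local stand-ins shaped like the SPI quoted in the message; RoleSource, RolePermissionVoter and Order are hypothetical names. It assumes Java 9 or later and that the caller denies access when no voter returns ALLOW.

```java
import java.io.Serializable;
import java.util.*;

// Added example, not PicketLink code. IdentityType and PermissionVoter are local stand-ins
// shaped like the SPI quoted in the message; all other names are hypothetical.
public class RolePermissionVoterDemo {
    interface IdentityType {}
    interface PermissionVoter {
        enum VotingResult { ALLOW, DENY, NOT_APPLICABLE }
        VotingResult hasPermission(IdentityType recipient, Object resource, String operation);
        VotingResult hasPermission(IdentityType recipient, Class<?> resourceClass,
                                   Serializable identifier, String operation);
    }
    interface RoleSource { Set<String> rolesOf(IdentityType who); }  // hypothetical role lookup
    static class Order {}  // constructed sample resource

    static class RolePermissionVoter implements PermissionVoter {
        private final RoleSource roles;
        private final Map<String, Map<Class<?>, Set<String>>> grants;  // role -> type -> operations

        RolePermissionVoter(RoleSource roles, Map<String, Map<Class<?>, Set<String>>> grants) {
            this.roles = roles;
            this.grants = grants;
        }
        @Override public VotingResult hasPermission(IdentityType who, Object resource, String op) {
            return resource == null ? VotingResult.NOT_APPLICABLE : vote(who, resource.getClass(), op);
        }
        @Override public VotingResult hasPermission(IdentityType who, Class<?> type,
                                                    Serializable id, String op) {
            return vote(who, type, op);
        }
        private VotingResult vote(IdentityType who, Class<?> type, String op) {
            for (String role : roles.rolesOf(who)) {
                Set<String> ops = grants.getOrDefault(role, Map.of()).get(type);
                if (ops != null && ops.contains(op)) return VotingResult.ALLOW;
            }
            // Abstain instead of DENY so other voters can still decide (assumes deny by default).
            return VotingResult.NOT_APPLICABLE;
        }
    }

    public static void main(String[] args) {
        IdentityType alice = new IdentityType() {};
        IdentityType bob = new IdentityType() {};
        RoleSource lookup = who -> who == alice ? Set.of("order-manager") : Set.of();
        Map<Class<?>, Set<String>> orderOps = Map.of(Order.class, Set.of("cancel", "view"));
        PermissionVoter voter = new RolePermissionVoter(lookup, Map.of("order-manager", orderOps));
        System.out.println(voter.hasPermission(alice, new Order(), "cancel"));
        System.out.println(voter.hasPermission(bob, Order.class, 42L, "cancel"));
        System.out.println(voter.hasPermission(alice, new Order(), "delete"));
    }
}
```

The role-to-operation table is the only place a role's privileges are defined, so granting a user the role grants the whole bundle, and an operation missing from the table is never allowed by this voter.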