7 Replies Latest reply on Jul 25, 2006 3:34 PM by gavin.king

    ACL in Seam

    yuan_hang

      I am new to Seam and not familiar with JAAS either. As far as I know, we can use JAAS to build method-level permission control. But I am wondering how to implement object-level permission control, i.e. ACL.

      Is there a framework, like acegisecurity, that can be used with EJB and Seam, or do we have to develop our own? Or does Seam already have relevant functions I overlooked?

      Thanks

        • 1. Re: ACL in Seam
          gavin.king

          EJB 3.0 provides method-level permissioning as a standard feature. You can use that.

          • 2. Re: ACL in Seam

            Hi Gavin,

            I think that you missed Yuan's point, which is object-level permission, like one user can edit one customer, but only view another customer.

            I was thinking of an Entity Users_Role which you could then inherit (therefore extending the data model), and add custom properties (i.e. customer foreign key, or any other type of data model object). You could do the equivalent of this to the Role Entity, allowing people to custom design the privileges a Role can have.

            You could then add an equivalent to isUserInRole called hasPrivilege that checks the current principal has the privilege.

            In answer to the original question, people have tried to use acegi with Seam with some success; please search this forum for previous posts.

            If you come up with any firm information you could post it on the Wiki.

            HTH,

            James

            • 3. Re: ACL in Seam
              yuan_hang

              Thanks to both of you for the quick response.

              I think James got my point.

              I think I can add a 'hasPrivilege' annotation to implement this function like James suggested and migrate some code from Acegi (or do some customization to make it work with Seam). But I want to make sure this is a good way to go and that I am not re-inventing the wheel as well.

              In addition, I did some searching before opening this discussion, and only found this one: http://jboss.com/index.html?module=bb&op=viewtopic&t=81833. But it seems no result came out in the end. I would appreciate it if you could give me some pointers I missed.

              • 4. Re: ACL in Seam

                Hi Yuan,

                Unfortunately I have not attempted acegi, and instead created my own security layer (using JACC and database authentication on some custom user, role, and user_role entities), but I have not been successful in implementing hasPrivilege yet! I followed the wiki items on JACC container security. THANKS TO THOSE GUYS.

                I believe from looking at CVS that Shane is speccing out a Seam security layer, using a servlet filter, but this looks very much a work in progress. I don't know how far they have got or what scope their implementation will be (method level role, or user object level permissions).
                I hope they look into user object level permissions as this could be done quite elegantly with Entity inheritance.

                So I imagine if you have any valid learning points it would be useful to the Seam guys.

                Hope this helps,

                James



                • 5. Re: ACL in Seam
                  jbpmndc

                  Acegi's voter mechanism provides the ability to assemble permissions dynamically based on changing events. Does anyone know if JAAS provides an equivalent?

                  A common situation people may encounter is the need to dynamically add permissions to a user when a task is assigned to them using jBPM.

                  • 6. Re: ACL in Seam
                    yuan_hang

                    Thanks James! The information you provided is very helpful.

                    • 7. Re: ACL in Seam
                      gavin.king

                       

                      "jbpmndc" wrote:
                      Acegi's voter mechanism provides the ability to assemble permissions dynamically based on changing events. Does anyone know if JAAS provides an equivalent?

                      A common situation people may encounter is the need to dynamically add permissions to a user when a task is assigned to them using jBPM.


                      Interesting, this is a really good example of something that's not easy to do in Java EE security out of the box. I'll point Shane over here and maybe he can look at it as part of the work he is doing now.
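
An added example, not code from any poster in this thread or from Seam: a minimal sketch of the per-object check suggested in reply 2 (an object-level counterpart of isUserInRole) together with the grant-on-task-assignment case raised in reply 5. All class, method and sample names are hypothetical, and plain Java 16+ records stand in for the entities a real application would persist.

```java
import java.util.HashSet;
import java.util.Set;

// Hypothetical names; plain Java (16+) stands in for the entities discussed in the thread.
public class ObjectAclExample {
    enum Privilege { VIEW, EDIT }

    // One row of the extended user/role table: who may do what to which object.
    record Grant(String principal, String objectType, long objectId, Privilege privilege) {}

    static class AclStore {
        private final Set<Grant> grants = new HashSet<>();

        void grant(String principal, String type, long id, Privilege p) {
            grants.add(new Grant(principal, type, id, p));
        }

        void revoke(String principal, String type, long id, Privilege p) {
            grants.remove(new Grant(principal, type, id, p));
        }

        // Object-level counterpart of isUserInRole: denied unless an exact grant exists.
        boolean hasPrivilege(String principal, String type, long id, Privilege p) {
            return principal != null && grants.contains(new Grant(principal, type, id, p));
        }

        // Enforcement point for service methods: fail closed before touching the object.
        void require(String principal, String type, long id, Privilege p) {
            if (!hasPrivilege(principal, type, id, p)) {
                throw new SecurityException(principal + " lacks " + p + " on " + type + "#" + id);
            }
        }
    }

    public static void main(String[] args) {
        AclStore acl = new AclStore();
        // Constructed sample data: alice may edit customer 1 but only view customer 2.
        acl.grant("alice", "Customer", 1L, Privilege.EDIT);
        acl.grant("alice", "Customer", 2L, Privilege.VIEW);
        acl.require("alice", "Customer", 1L, Privilege.EDIT);   // passes silently
        System.out.println(acl.hasPrivilege("alice", "Customer", 2L, Privilege.EDIT));

        // Task assignment grants a privilege; completing the task removes it again.
        acl.grant("bob", "Customer", 2L, Privilege.EDIT);
        System.out.println(acl.hasPrivilege("bob", "Customer", 2L, Privilege.EDIT));
        acl.revoke("bob", "Customer", 2L, Privilege.EDIT);
        System.out.println(acl.hasPrivilege("bob", "Customer", 2L, Privilege.EDIT));
    }
}
```

Calling `require` at the start of each service method keeps the decision in one place, so an object with no matching grant is denied by default rather than relying on the UI to hide it.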