-
15. Re: Security
(Didn't post everithing)
So How am I going to test for roles? And even if the isUserInRole component also tests for the seam security roles, will components of frameworks like icefaces that have the "rendered" and "renderedOnUserRole" like properties be compatible with the seam security roles? -
16. Re: Security
"david.alves" wrote:
So How am I going to test for roles? And even if the isUserInRole component also tests for the seam security roles, will components of frameworks like icefaces that have the "rendered" and "renderedOnUserRole" like properties be compatible with the seam security roles?
You'll be able to use EL to write stuff like:rendered="#{s:hasRole('admin')}"
or even more powerful:rendered="#{s:hasPermission('customer', 'modify', customer)}"
This last expression will perform a permission check against an actual customer instance. -
17. Re: Security
That is EXACTLY what I want. Put the test in the rendering, and then put a similar constraint on the objects themselves (ie, only an Admin object can access the lock() method on a DiscussionThread object).
That would be cool. I read the JAAS book and it had so many fancy things but it didn't seem like it would be able to do this simple thing that is what I need. -
18. Re: Security
So in relation to the JAAS context (where my application is searching for roles in the facescontext) I just have to wait, but it will be available right?
I still have a few moths until deployment and I'll wait.
In the mean time I'll use those components you mentioned (s:hasRole and s:hasPermission) but IMHO I think that it should be document somewhere that the isUserInRole component is not available for seam security role.
Anyway thanks for your replyes and tips Shane, seam security is going to be awesome with those ACL type permissions.