-
1. Re: Can we security @Factory?
shane.bryzak Nov 26, 2007 7:31 PM (in response to wuhaixing)That particular permission is checked inline, not using @Restrict. However, if you look at BlogAction, you'll see that the createComment() method does use @Restrict and @Factory:
@Factory("comment") @Restrict @Begin(join = true) public void createComment()
The corresponding security rule is this one:rule CreateBlogComment no-loop activation-group "permissions" when check: PermissionCheck(name == "blog", action == "createComment", granted == false) Role(name == "user") then check.grant(); end
-
2. Re: Can we security @Factory?
wuhaixing Nov 26, 2007 10:55 PM (in response to wuhaixing)Thanks for you patient reply.
Even ‘The factory component pattern lets a Seam component act as the instantiator for a non-component object. A factory method will be called when a context variable is referenced but has no value bound to it. We define factory methods using the @Factory annotation. The factory method binds a value to the context variable, and determines the scope of the bound value. There are two styles of factory method.’
But I think the security has nothing with @Factory,right? -
3. Re: Can we security @Factory?
shane.bryzak Nov 27, 2007 9:01 PM (in response to wuhaixing)That's right, there's no special security considerations for @Factory. Simply secure the factory method if it is required.