Can we security @Factory?

wuhaixing Nov 26, 2007 12:40 AM

I found following in the seamspaces,Does this mean security applied to the @Factory?If it's true,is there any other action options?
security-rules.drl

rule CreateFriendRequest
 no-loop
 activation-group "permissions"
when
 check: PermissionCheck(name == "friendRequest", action == "create", granted == false)
 Principal(principalName : name)
 not MemberFriend(f : friend -> (f.getUsername().equals(principalName)))
then
 check.grant();
end

FriendAction.java

@Factory("friendRequest") @Begin
 public void createRequest()
 {
 .....
 }

1. Re: Can we security @Factory?

shane.bryzak Nov 26, 2007 7:31 PM (in response to wuhaixing)
That particular permission is checked inline, not using @Restrict. However, if you look at BlogAction, you'll see that the createComment() method does use @Restrict and @Factory:

@Factory("comment") @Restrict @Begin(join = true) public void createComment()

The corresponding security rule is this one:

rule CreateBlogComment no-loop activation-group "permissions" when check: PermissionCheck(name == "blog", action == "createComment", granted == false) Role(name == "user") then check.grant(); end
Actions
2. Re: Can we security @Factory?

wuhaixing Nov 26, 2007 10:55 PM (in response to wuhaixing)

Thanks for you patient reply.
Even â€˜The factory component pattern lets a Seam component act as the instantiator for a non-component object. A factory method will be called when a context variable is referenced but has no value bound to it. We define factory methods using the @Factory annotation. The factory method binds a value to the context variable, and determines the scope of the bound value. There are two styles of factory method.â€™
But I think the security has nothing with @Factory,right?
Actions
3. Re: Can we security @Factory?

shane.bryzak Nov 27, 2007 9:01 PM (in response to wuhaixing)

That's right, there's no special security considerations for @Factory. Simply secure the factory method if it is required.
Actions

Go to original post