4 Replies Latest reply on Aug 19, 2011 1:54 AM by jboss_practioner

    Define user role authorization with limited capability(read/write)?

    jboss_practioner

      Hi all,

      I am new to JBoss AS.

      I have a question regarding the security service of Jboss.

      - If I want to have a user with read only permission and or read and write ... for different type of users like deployer, tester... can I do it in Jboss? I know there is <auth-constraint> tag and <role-name>  tags in config file to define authorized role. But how do I limit the capability? using <protected-method>? If so, what should be the value of the protected-method?

      Thank you very much.

      K.