-
1. Re: Security status?
shane.bryzak Jun 7, 2010 8:20 AM (in response to as6o)I'm working on it currently. It was actually all ported to to CDI and fully functional, however we have decided to integrate it with PicketLink (which will be providing a lot of the more advanced security features) and adopt a lot of their API. I'm hoping to have an alpha release out in the next couple of weeks, depending on the remaining integration issues (of which there have been many to overcome already).
-
2. Re: Security status?
rdelaplante Jun 8, 2010 1:16 PM (in response to as6o)I'm also very interested in getting Seam 3 Security ASAP. I have an upcoming project (within weeks) that I'd like to build using CDI and Seam Security. By the time it is ready for production the Seam Security RC might be available.
Since the message above seems to indicate major API changes, I think this is a good opportunity to request a major design change related to roles and permissions. Some of our users hold multiple positions at the company they work for. On some days they are the manager, and on other days they are a regular employee. When the user logs in, I need them to choose which
role
to use (manager or regular employee) if there are multiple roles attached to their account. This is also useful for administrators. They can log in using a single account and choose if they want to use theadministrator
role, or theirregular user
role.Groups can be associated with roles and/or users. Permissions can be associated with roles and/or groups and/or users.
What do you think?
-
3. Re: Security status?
radu Jun 8, 2010 2:46 PM (in response to as6o)If you ask me, this is a very common behavior.
You can let the user to select the role he wants to play after he logs in, is not mandatory to select the role during the login process. You will just designate adefault
role for each user or group of users.Anyway, I don't think we will ever see this kind of feature from Seam framework. Peoples involved in Security module are to smart to ask us for opinion or even share with us the release schedule!
It is all part of the big RedHat - Jboss integration strategy, which only the
chosen one
can see :)Mean time, I do what I suppose many other from this forum already does: migrate to plain JEE6, GlassFish, Spring, whatever has a decent documentation, release schedule, support, community, published books, ...
-
4. Re: Security status?
radu Jun 8, 2010 7:49 PM (in response to as6o)Sorry for the tone of last post... it really should be an Edit button on this forum.
However, I'm disappointed about the lack of documentation and architecture information related to Seam Security and PicketLink (the 2 wiki pages from 1 year).
-
5. Re: Security status?
shane.bryzak Jun 9, 2010 1:32 AM (in response to as6o)The only Seam and PicketLink integration that existed previously was developed by an independent community contributor for the PicketLink project. The current integration effort which I am undertaking is the first formal integration between the two projects, so of course there won't be any documentation yet.
Ryan, unfortunately since we're now adopting the PicketLink API you'll need to address any feature requests to the JBoss Security team as changes such as you have suggested are now out of our control. I suggest you post your ideas to their development forum, which you can find here:
-
6. Re: Security status?
nickarls Jun 9, 2010 3:21 AM (in response to as6o)I need the security module for a project, too, but I'm happy if I go on vacation and everything Just Works when I get back ;-)
The dependency to PicketLink means we have access to a tried and tested API but it apparently has the downside that we have to go an extra mile if we want changes to it. Hopefully there is a strategy to extend the API in non-standard ways if there is stuff that we absolutely need but they have no interest in adding?
-
7. Re: Security status?
pmuir Jun 9, 2010 6:09 AM (in response to as6o)
Nicklas Karlsson wrote on Jun 09, 2010 03:21:
I need the security module for a project, too, but I'm happy if I go on vacation and everything Just Works when I get back ;-)
The dependency to PicketLink means we have access to a tried and tested API but it apparently has the downside that we have to go an extra mile if we want changes to it. Hopefully there is a strategy to extend the API in non-standard ways if there is stuff that we absolutely need but they have no interest in adding?Yes. It's called
talking
, and having adiscussion
:-p -
8. Re: Security status?
pmuir Jun 9, 2010 6:10 AM (in response to as6o)
Radu B wrote on Jun 08, 2010 14:46:
If you ask me, this is a very common behavior.
You can let the user to select the role he wants to play after he logs in, is not mandatory to select the role during the login process. You will just designate adefault
role for each user or group of users.
Anyway, I don't think we will ever see this kind of feature from Seam framework. Peoples involved in Security module are to smart to ask us for opinion or even share with us the release schedule!
It is all part of the big RedHat - Jboss integration strategy, which only thechosen one
can see :)
Mean time, I do what I suppose many other from this forum already does: migrate to plain JEE6, GlassFish, Spring, whatever has a decent documentation, release schedule, support, community, published books, ...I'm sorry that you are frustrated, and Shane will get information out as soon as he has it I'm sure!
-
9. Re: Security status?
nickarls Jun 9, 2010 6:13 AM (in response to as6o)"Talking" and having a "discussion" is all nice and fine but that won't actually add the method to the interface :-p