-
1. Re: Seam 3 Security capability
blabno Jan 9, 2012 10:56 AM (in response to lukascz)In stead of roles you could work with permissions or even authorizing methods annotated with @Secures.
-
2. Re: Seam 3 Security capability
lukascz Jan 9, 2012 11:08 AM (in response to lukascz)The problem with using @Secures approach is that I need to pass an object to find out the permissons. But method annotated by @Secures takes just identity.
However, Identity interface contains method hasPermission(Object target, String action). But where is this configured? Is this somewhere documented?
Thanks,
Lukas -
3. Re: Seam 3 Security capability
lightguard Jan 9, 2012 3:26 PM (in response to lukascz)I think Security is still one of those modules we need a lot of work, and some really good examples and documentation. I'm hoping we at least get those done for the next development cycle. Of course, any help from people have things working and would like to contribute to the docs and / or examples would be greatly appreciated.
-
4. Re: Seam 3 Security capability
atdavie Jan 11, 2012 10:34 AM (in response to lukascz)Is the Security project still active? I looked at the page and it still has info relating to releasing something in 2010...?
I would like to use Seam security with Jboss Negotiation for a new project which requires SSO but I am a bit worried.
-
5. Re: Seam 3 Security capability
atdavie Jan 11, 2012 10:40 AM (in response to lukascz)Seam 3 (from what I have read) uses a Users, Roles, Groups approach. You may be able to use this for what you have in mind, not sure.
I am personally looking at doing something similar with the rules support. The hasPermissions invokes a rule, and this determines the access.
The rules are defined in a file: security.drl.
-
6. Re: Seam 3 Security capability
lightguard Jan 11, 2012 2:00 PM (in response to lukascz)Yes, it's still very much alive, we've simply gotten lax in updating the web site (it's a manual process and we've discussed other options about a different site, automation, etc. but they haven't gotten very far).
-
7. Re: Seam 3 Security capability
riboriori Jan 13, 2012 8:31 AM (in response to lukascz)Jason
what about acl's management? it is still under development? i think acl's not available with Seam 3.1.0.Beta5 or im wrong? -
8. Re: Seam 3 Security capability
lightguard Jan 13, 2012 4:08 PM (in response to lukascz)No, it did not make it. I know it's been something that's been hot on the list for quite a few people. Would you like to help make it a reality?
-
9. Re: Seam 3 Security capability
riboriori Jan 15, 2012 8:02 AM (in response to lukascz)I think acl management is a
must
of every security software. Roles, groups and users management without acl make the module incomplete, by my point of view.
Also i think that in the future, while you estimate that most of the actuals seam 3 modules migrate to other frameworks (for example i readed that seam-persistence and seam-validation will migrate to hibernate framework), i think seam-security will remain as a part of the actual seam-framework (or you want migrate to picketlink project???).
I dont understand exactly what you asked me about to help it a reality.
Can u be more clear?
Regards -
10. Re: Seam 3 Security capability
lightguard Jan 16, 2012 5:22 PM (in response to lukascz)Why I said help anything to help us out would be appreciated. Either some real world requirements, documentation, code contributions, etc. Any (or all) of the above would be very helpful in getting ACL in to Seam Security.