Similar to the existing Security methods Identity.hasRole() and Identity.hasPermission() I want to add a Identity.hasRight() functionality that takes database based rights for authorisation of methods and pages.
@Name("org.jboss.seam.security.identity") @Scope(ScopeType.SESSION) @Install(precedence = Install.APPLICATION) @BypassInterceptors @Startup public class RightBasedIdentity extends RuleBasedIdentity { private Map<String, AuthorisationRight> authorisationRights = new HashMap<String, AuthorisationRight>(); public boolean addRight(AuthorisationRight right) { : } public boolean hasRight(String rightName) { : }
This works quite well. The problem is how to extend the @Restrict annotation and user interface usage. The new security method should be used as follow, if possible:
Code:
@Restrict("#{s:hasRight('address:change')}")
User Interface:
<h:outputLink ... rendered="#{s:hasRight('address:change')}"
I found out that these security methods are defined in class SeamFunctionMapper. Is it possible to adapt this class anyhow and tell seam to to use it?
Thanks for your help.