8 Replies Latest reply on May 28, 2008 7:44 PM by daclan

    Seam Security now has superpowers

    shane.bryzak

      Well, not quite; however, I'd like to announce some of the new and improved features of the Security API.  If you're feeling adventurous and would like to see some of these features in action, I recommend that you check out the latest SVN version of Seam and deploy the seamspace example.  In no particular order, here is a list of some of the improvements:



      Identity Management





      While Seam Security has been flexible for authenticating and authorizing users, a missing feature was the ability to actually manage users and roles.  Identity Management provides a standard API for creating, modifying and deleting users and roles, no matter how they are stored in the back end.  Seam provides Identity Store implementations for working with users stored in either a database or LDAP server (no extra libraries required), and it is relatively straightforward to implement other persistent authentication sources.  It is also easy to mix and match identity stores, so for example if you wish to authenticate your users against OpenLDAP or ActiveDirectory, but load the user's roles from a database table, then that is fully supported with minimal configuration.


      Permission Management



      Extending on the ability to support rule-based permission checks, Seam Security now supports pluggable permission resolvers, meaning it is no longer necessary to extend the Identity component to support custom authorization models.  On top of this, Seam also supports a new type of permission resolver, PersistentPermissionResolver that allows you to assign ACL type permissions to specific object instances.  You can see this handy feature in action in the seamspace example by clicking on the 'View my pics' link on the profile page.


      Strongly typed annotation-based permission checks



      While we still support the @Restrict annotation, the new (recommended) way to perform security checks for component actions is through the use of a set of extensible, typesafe annotations.  Take the following for example:



        @Insert(Customer.class)
        public void createCustomer() { ... }



       
      For the above method, a permission check will be performed for the currently authenticated user to ensure they have the rights to insert (create) a new Customer record.  It is also possible to annotate method parameters, like so:



        public void updateCustomer(@Update Customer customer) { ... }



       
      The above security check will ensure that the user has the rights to update the instance of the Customer object passed in to the method.


      Anyway, this is just a little taste of the kind of stuff the new Security API has to offer.  Documentation for these new features will be completed shortly, along with tutorials and more; however, in the meantime I recommend that anyone interested check out the seamspace example.  And of course any feedback would be appreciated.


      FYI, the URL for anon SVN checkout is as follows:


      http://anonsvn.jboss.org/repos/seam/trunk/
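
An added example, not part of the original post and not Seam's own code: a stand-alone Java sketch of how the method-level and parameter-level permission annotations described in the post can be enforced before the action runs. The `Insert` and `Update` annotations here are local stand-ins declared in the example, and the `granted` store, the `require` helper and the `action:target` permission strings are hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class TypedPermissionDemo {
    // Local stand-ins for the annotations named in the post; not Seam's own classes.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Insert { Class<?> value(); }
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.PARAMETER)
    @interface Update {}

    static class Customer { final String name; Customer(String n) { name = n; } }

    interface CustomerActions {
        @Insert(Customer.class) void createCustomer();
        void updateCustomer(@Update Customer customer);
    }

    // Hypothetical permission store: "<action>:<target>" strings held by the current user.
    static final Set<String> granted = new HashSet<>();

    static void require(String action, String target) {
        if (!granted.contains(action + ":" + target))
            throw new SecurityException("denied: " + action + " on " + target);
    }

    // Wraps the component so every call is checked before the real method runs.
    static CustomerActions secure(CustomerActions real) {
        InvocationHandler h = (proxy, m, args) -> {
            Insert ins = m.getAnnotation(Insert.class);
            if (ins != null) require("insert", ins.value().getSimpleName()); // class-level target
            Annotation[][] pa = m.getParameterAnnotations();
            for (int i = 0; i < pa.length; i++)
                for (Annotation a : pa[i])
                    if (a instanceof Update)                                 // instance-level target
                        require("update", "Customer#" + ((Customer) args[i]).name);
            return m.invoke(real, args);
        };
        return (CustomerActions) Proxy.newProxyInstance(
            CustomerActions.class.getClassLoader(), new Class<?>[]{CustomerActions.class}, h);
    }

    public static void main(String[] argv) {
        CustomerActions svc = secure(new CustomerActions() {
            public void createCustomer() { System.out.println("created"); }
            public void updateCustomer(Customer c) { System.out.println("updated " + c.name); }
        });
        granted.add("update:Customer#alice");
        svc.updateCustomer(new Customer("alice"));   // instance permission was granted above
        try { svc.createCustomer(); }                // no insert:Customer grant exists
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The check is deny-by-default: a call passes only when a matching grant exists, and the annotated method body never executes when the check fails.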