I found this way to enable / disable EntitySecurity:
I wrote my own EntitySecurityListener based on the implementation of the original EntitySecurityListener
import static org.jboss.seam.security.EntityAction.DELETE; import static org.jboss.seam.security.EntityAction.INSERT; import static org.jboss.seam.security.EntityAction.READ; import static org.jboss.seam.security.EntityAction.UPDATE; import javax.persistence.PostLoad; import javax.persistence.PrePersist; import javax.persistence.PreRemove; import javax.persistence.PreUpdate; import org.jboss.seam.security.EntityPermissionChecker; @Name("myEntitySecurityListener") public class MyEntitySecurityListener { private boolean securityCheckEnabled = false; public boolean isSecurityCheckEnabled() { return securityCheckEnabled; } public void setSecurityCheckEnabled(boolean securityCheckEnabled) { this.securityCheckEnabled = securityCheckEnabled; } @PostLoad public void postLoad(Object entity) { if (securityCheckEnabled) { EntityPermissionChecker.instance().checkEntityPermission(entity, READ); } } @PrePersist public void prePersist(Object entity) { if (securityCheckEnabled) { EntityPermissionChecker.instance().checkEntityPermission(entity, INSERT); } } @PreUpdate public void preUpdate(Object entity) { if (securityCheckEnabled) { EntityPermissionChecker.instance().checkEntityPermission(entity, UPDATE); } } @PreRemove public void preRemove(Object entity) { if (securityCheckEnabled) { EntityPermissionChecker.instance().checkEntityPermission(entity, DELETE); } } }
is this a good way to enable/disable EntitySecurity at runtime or is there a better way to do this?
thx for your help
Greetz Marco
Seems reasonable enough to me.