Hello seam users!
I'm currently test the implementation of the new seam security features, namely the IdentityStore.
After reading the documents and fiddle arround with the IdentityStore I now have some questions:
1.) Is it correct, that I can use the Permission (with Entity) only in combination with
the IdentityStore?
2.) I'm not sure, if the IdentityStore can really satisfie the needs of a user authorisation...
I think, the idea with the IdentityStore is pretty cool, because I can develop my app
against an API! But, what If I need more then only a authorisation? If I wanna store the user
credentials, for a some objects a user creates. (for example a new memo entry of a user)
If I make my auth against a ldap, I don't have any user objects in my app to store.
What is the correct approach, the idea of such a scenario?
3.) In my app I have a table for the users. (I use the JPAIdentityStore)
If I load the user from the table (with the IdentityManager to get the current user)
I have a real user object. Is that a bad idea to use the IdentityStore?
I hope I'm not confusing you with my long questions...
But I wanna use the seam security components, and I will use it the correct way!
Thank you