Hello.
We are using Seam as our security manager (Authentication and Authorization), but we are having some trouble with Authorization. In Seam reference it's a bit confusing how we can configure permissions through jpa-permission-store.
We took a look at Seam space example, but we still haven't figured out some stuff.
For example:
In seam space there is the following call
Identity.instance().checkPermission(member, "createFriendComment");
My first impression was that there would have to be an action createFriendComment
with a target Member in the table AccountPermission. But for my surprise, there are only two lines in this table:
PermissionId Recipient Target Action Discrimintator 1 friends MemberImage:5 view role 2 user MemberImage:6 view role
Another point that is quite confusing are the annotations @Permissions and @Permission. Are they responsible for declaring
possible actions that should go to the database table ?
Does PermissionSearch.getTarget() return all the classes that are marked with the @Permissions annotation ?
Thanks a lot.
Regards,
John