1 Reply Latest reply on Mar 21, 2006 7:49 AM by Gregor Melhorn

    Role Based Security...

    Gregor Melhorn Newbie

      Hello Seam users,

      I'm just getting started using JBoss, Seam and EJB 3, so I'm not shure if this is the right forum for my question.

      I don't know if there's an "out of the box" solution for my problem or how it is best solved using JBoss, so maybe someone can show the right direction to me or give some hints...

      I want to migrate a community portal to Java - maybe using Seam. At present, we are having quite a big (100 000 LOC), unmaintainable PHP based system.

      One thing I don't yet understand is how permission checking and granting is done . Our present portal allows to create groups and "rights". Each of these "rights" has several permission settings (create, admin, delete etc.). Each right may be assigned to a role or will be be inherited from parent roles. Each permission setting of a "right" may be adjusted per role (allow, deny, inherit from parent).

      In the seperate "modules" of the php app, one can call a function like getHasRight("ARTICLES", "ADMIN") or getHasRight("ARTICLES", "CREATE"). The system will then return true or false depending on the current user has the permission to do this action.

      How will a security system with these features be done in JBoss? Or would it be unneccessary because there are other ways to do it better that I don't know?

      I'd really be happy about some Feedback...

      Best regards
      Gregor Melhorn