-
1. Re: What's the best way to secure
pmuir Aug 18, 2006 5:30 AM (in response to smokingapipe)Advantage of JAAS is that it deeply integrated into JEE. EJB3 allows you to have method access security, Seam gives you isUserInRole, userPrincipal components, Tomahawk gives you attributes to disable/hide the JSF component and probably some more which I'm unaware of :). The one thing I haven't seen is a nice way of authenticating using a Seam component.
It is a bit difficult getting JAAS set up, but once all the xml files are correct it does 'just work'; there is a security example on the wiki which should get you going (be careful to put all the xml files in the correct archive and in the correct place (META-INF or archive root)). -
2. Re: What's the best way to secure
smokingapipe Aug 18, 2006 5:38 PM (in response to smokingapipe)Thanks, I'll give that a try. It would be disapointing to have something as modern as Seam and then have to write a dumb old filter again. Also I do want fine-grained security. Like I might have a changeCreditLimit() method, and only an Admin should be able to call that. I know that JAAS can manage stuff like that. So I'll grind through whatever XML madness I need to do to get it working.