This content has been marked as final.
Show 2 replies
-
1. Re: security pattern
shane.bryzak Apr 12, 2007 8:20 PM (in response to laksu)Look at the Booking or Seamspace examples, they both place a user object in session scope as part of authentication. I think this is what you want?
-
2. Re: security pattern
markfoerstein Apr 12, 2007 10:09 PM (in response to laksu)You mean extend Identity from your User class like this?:
...class User extends Identity { ...
I don't think it is the right approach (although Im not the expert here :-P)
You use Identity whenever you want to restrict access to a class or method and to query if the user is logged in or not. By "user" I don't mean your class "User".
When you authenticate, Seam will flag the Identity with loggedIn = true, and you can restrict access to classes or methods:@Restrict("#{identity.loggedIn}") public class ... (OR) @Restrict("#{identity.loggedIn}") public String create() { ...
Also, when you authenticate (through querying the database) you can @Out your authenticated "User" class so you can @In it wherever you want and get the members (username, nickname, etc). Just see the examples Shane told you...
Hope this could be helpful...