6 Replies Latest reply on Jun 4, 2007 11:53 AM by Christian Bauer

    Security: access control at entity level?

    Tong Wang Newbie

      After reading chapter 20 of the Seam book, it seems to me that Seam has built in security support for access control at the method level of session beans. I wonder if the @Restrict annotation can be put on entities to control access to certain entities.

      Here is my situation: I have some business entities with various relationships between each other (one-to-one, one-to-many, etc) and through foreign keys or mapping tables, they are organized into a tree structure. I'd like to have the admin role to access all the tree entities, while other roles can only access a certain part of the tree. The accessible part of the tree should be defined dynamically, i.e., an admin user logs into a web UI and selects which part of the tree is accessible for each of the other roles.

      Any suggestions/ideas on how this could be implemented with Seam? Thanks.