I'd like to do something like the following:
    class Authenticator {
        boolean authenticate() {
            User user = em.createQuery(...);
            ...
            Identity.instance().addRole(string);
            // Assert each permission of each of the user's roles
            for (UserRole role : user.getRoles()) {
                for (String permission : role.getPermissions()) {
                    Identity.instance().assertObject(new Permission(permission));
                }
            }
            return true;
        }
    }
I need the following interfaces:
1. ability to work with WorkingMemory in authenticate()
2. ability to traverse all the Seam components and JPA entities in order to build a list of available permissions. The list of permissions is supposed to be used in the UI on the UserRole page, where the admin can configure permissions for a role. I have seen something similar in different sorts of applications, so I consider that a reasonable default capability of Seam Security.
3. default Drools rules that produce a check against permissions defined as above