That particular permission is checked inline, not using @Restrict. However, if you look at BlogAction, you'll see that the createComment() method does use @Restrict and @Factory:
@Factory("comment") @Restrict @Begin(join = true) public void createComment()
The corresponding security rule is this one:
rule CreateBlogComment no-loop activation-group "permissions" when check: PermissionCheck(name == "blog", action == "createComment", granted == false) Role(name == "user") then check.grant(); end
Thanks for you patient reply.
Even â€˜The factory component pattern lets a Seam component act as the instantiator for a non-component object. A factory method will be called when a context variable is referenced but has no value bound to it. We define factory methods using the @Factory annotation. The factory method binds a value to the context variable, and determines the scope of the bound value. There are two styles of factory method.â€™
But I think the security has nothing with @Factory,right?
That's right, there's no special security considerations for @Factory. Simply secure the factory method if it is required.