3 Replies Latest reply on Nov 27, 2007 9:01 PM by Shane Bryzak

    Can we security @Factory?

    wu haixing Newbie

      I found following in the seamspaces,Does this mean security applied to the @Factory?If it's true,is there any other action options?
      security-rules.drl

      rule CreateFriendRequest
       no-loop
       activation-group "permissions"
      when
       check: PermissionCheck(name == "friendRequest", action == "create", granted == false)
       Principal(principalName : name)
       not MemberFriend(f : friend -> (f.getUsername().equals(principalName)))
      then
       check.grant();
      end

      FriendAction.java
      @Factory("friendRequest") @Begin
       public void createRequest()
       {
       .....
       }


        • 1. Re: Can we security @Factory?
          Shane Bryzak Master

          That particular permission is checked inline, not using @Restrict. However, if you look at BlogAction, you'll see that the createComment() method does use @Restrict and @Factory:

          @Factory("comment") @Restrict @Begin(join = true)
           public void createComment()


          The corresponding security rule is this one:


          rule CreateBlogComment
           no-loop
           activation-group "permissions"
          when
           check: PermissionCheck(name == "blog", action == "createComment", granted == false)
           Role(name == "user")
          then
           check.grant();
          end


          • 2. Re: Can we security @Factory?
            wu haixing Newbie

            Thanks for you patient reply.
            Even ‘The factory component pattern lets a Seam component act as the instantiator for a non-component object. A factory method will be called when a context variable is referenced but has no value bound to it. We define factory methods using the @Factory annotation. The factory method binds a value to the context variable, and determines the scope of the bound value. There are two styles of factory method.’
            But I think the security has nothing with @Factory,right?

            • 3. Re: Can we security @Factory?
              Shane Bryzak Master

              That's right, there's no special security considerations for @Factory. Simply secure the factory method if it is required.