2 Replies Latest reply on Nov 26, 2007 10:59 PM by wuhaixing

    who can explain the security features demonstrate in the sea

    wuhaixing

      In the seamspace project,security-rule.drl has the following code snippet I donn't know why.
      1.

      check: PermissionCheck(name == "memberImage", action == "view", granted == false)

      there is a memberImage component,but where is the action view?
      2.
      check: PermissionCheck(name == "blog", action == "create", granted == false)

      Does this mean Statful session bean BlogAction create is restircted?
      3.
      check: PermissionCheck(name == "friendComment", action == "create", granted == false)

      Restrict @Factory("friendComment")?and where is action create?
      4.
      @Restrict is not required to invoke permission check?

        • 1. Re: who can explain the security features demonstrate in the
          shane.bryzak

           

          "wuhaixing" wrote:
          In the seamspace project,security-rule.drl has the following code snippet I donn't know why.
          1.
          check: PermissionCheck(name == "memberImage", action == "view", granted == false)

          there is a memberImage component,but where is the action view?


          In ContentAction:

          if (img == null || !Identity.instance().hasPermission("memberImage", "view", img))


          "wuhaixing" wrote:
          2.
          check: PermissionCheck(name == "blog", action == "create", granted == false)

          Does this mean Statful session bean BlogAction create is restircted?


          No, this permission is used to control the display of a link in profile.xhtml:

          <s:span rendered="#{s:hasPermission('blog', 'create', selectedMember)}">


          "wuhaixing" wrote:
          3.
          check: PermissionCheck(name == "friendComment", action == "create", granted == false)

          Restrict @Factory("friendComment")?and where is action create?


          This is also in profile.xhtml:

          <s:span rendered="#{s:hasPermission('friendComment', 'create', selectedMember.friends)}">


          And the permission is checked in FriendAction:
          Identity.instance().checkRestriction("#{s:hasPermission('friendComment', 'create', friends)}");


          "wuhaixing" wrote:
          4.
          @Restrict is not required to invoke permission check?


          No, a permission check can be also be performed via Identity.checkRestriction().


          • 2. Re: who can explain the security features demonstrate in the
            wuhaixing

            Thanks for you patient reply again ;)
            Ok,I will read the 13.6.2. Securing components again more carefully.But I'm not first time to think the Seam is too flexible to read the code for a newbie.