This content has been marked as final.
Show 2 replies
-
1. Re: who can explain the security features demonstrate in the
shane.bryzak Nov 26, 2007 7:20 PM (in response to wuhaixing)"wuhaixing" wrote:
In the seamspace project,security-rule.drl has the following code snippet I donn't know why.
1.check: PermissionCheck(name == "memberImage", action == "view", granted == false)
there is a memberImage component,but where is the action view?
In ContentAction:if (img == null || !Identity.instance().hasPermission("memberImage", "view", img))
"wuhaixing" wrote:
2.check: PermissionCheck(name == "blog", action == "create", granted == false)
Does this mean Statful session bean BlogAction create is restircted?
No, this permission is used to control the display of a link in profile.xhtml:<s:span rendered="#{s:hasPermission('blog', 'create', selectedMember)}">
"wuhaixing" wrote:
3.check: PermissionCheck(name == "friendComment", action == "create", granted == false)
Restrict @Factory("friendComment")?and where is action create?
This is also in profile.xhtml:<s:span rendered="#{s:hasPermission('friendComment', 'create', selectedMember.friends)}">
And the permission is checked in FriendAction:
Identity.instance().checkRestriction("#{s:hasPermission('friendComment', 'create', friends)}");
"wuhaixing" wrote:
4.
@Restrict is not required to invoke permission check?
No, a permission check can be also be performed via Identity.checkRestriction(). -
2. Re: who can explain the security features demonstrate in the
wuhaixing Nov 26, 2007 10:59 PM (in response to wuhaixing)Thanks for you patient reply again ;)
Ok,I will read the 13.6.2. Securing components again more carefully.But I'm not first time to think the Seam is too flexible to read the code for a newbie.