In stead of roles you could work with permissions or even authorizing methods annotated with @Secures.
The problem with using @Secures approach is that I need to pass an object to find out the permissons. But method annotated by @Secures takes just identity.
However, Identity interface contains method hasPermission(Object target, String action). But where is this configured? Is this somewhere documented?
I think Security is still one of those modules we need a lot of work, and some really good examples and documentation. I'm hoping we at least get those done for the next development cycle. Of course, any help from people have things working and would like to contribute to the docs and / or examples would be greatly appreciated.
Is the Security project still active? I looked at the page and it still has info relating to releasing something in 2010...?
I would like to use Seam security with Jboss Negotiation for a new project which requires SSO but I am a bit worried.
Seam 3 (from what I have read) uses a Users, Roles, Groups approach. You may be able to use this for what you have in mind, not sure.
I am personally looking at doing something similar with the rules support. The hasPermissions invokes a rule, and this determines the access.
The rules are defined in a file: security.drl.
Yes, it's still very much alive, we've simply gotten lax in updating the web site (it's a manual process and we've discussed other options about a different site, automation, etc. but they haven't gotten very far).
what about acl's management? it is still under development? i think acl's not available with Seam 3.1.0.Beta5 or im wrong?
No, it did not make it. I know it's been something that's been hot on the list for quite a few people. Would you like to help make it a reality?
I think acl management is a
mustof every security software. Roles, groups and users management without acl make the module incomplete, by my point of view.
Also i think that in the future, while you estimate that most of the actuals seam 3 modules migrate to other frameworks (for example i readed that seam-persistence and seam-validation will migrate to hibernate framework), i think seam-security will remain as a part of the actual seam-framework (or you want migrate to picketlink project???).
I dont understand exactly what you asked me about to help it a reality.
Can u be more clear?
Why I said help anything to help us out would be appreciated. Either some real world requirements, documentation, code contributions, etc. Any (or all) of the above would be very helpful in getting ACL in to Seam Security.