1 Reply Latest reply on Mar 19, 2008 12:00 PM by Pete Muir

    How to extend @Restrict expresssion?

    Viktor Rees Newbie

      Similar to the existing Security methods Identity.hasRole() and Identity.hasPermission() I want to add a Identity.hasRight() functionality that takes database based rights for authorisation of methods and pages.


      @Name("org.jboss.seam.security.identity")
      @Scope(ScopeType.SESSION)
      @Install(precedence = Install.APPLICATION)
      @BypassInterceptors
      @Startup
      public class RightBasedIdentity extends RuleBasedIdentity 
      {
        private Map<String, AuthorisationRight> authorisationRights = new HashMap<String, AuthorisationRight>();
      
        public boolean addRight(AuthorisationRight right)
        {
           :
        }
      
        public boolean hasRight(String rightName)
        {
           :
        }
      



      This works quite well. The problem is how to extend the @Restrict annotation and user interface usage. The new security method should be used as follow, if possible:


      Code:
      @Restrict("#{s:hasRight('address:change')}")


      User Interface:
      <h:outputLink ... rendered="#{s:hasRight('address:change')}"


      I found out that these security methods are defined in class SeamFunctionMapper. Is it possible to adapt this class anyhow and tell seam to to use it?


      Thanks for your help.