This project is read only now.

1 Reply Latest reply on Mar 19, 2008 11:27 AM by damianharvey.damianharvey.gmail.com

Identity.checkRole() vs. Identity.hasRole()

admin.admin.email.tld Mar 19, 2008 12:40 AM

I am currently reading Dan Allen's MEAP Seam in Action book (pretty decent book, BTW) and stumbled upon the Identity.checkRole() method. This method has been in the Seam Identity API since 1.2.1.GA or before.

I did not see this in the Seam 2.0.0.GA ref doc or in the Yuan book. Is it not used as much as hasRole()?

If we are primarily interested in securing JSF views (all or nothing access, no component level restrictions) what is the best design/implementation with page level security and also throwing an AuthorizationException if not a member (hasRole() does not throw any exceptions, checkRole() may throw AuthorizationException)? I would like to keep all security/restriction configuration in the pages.xml if possible.

If it's not possible to do that, is it possible to use hasRole() in pages.xml and redirect to home.xhtml (or error.xhtml) and add message to FacesMessage from pages.xml?

are there any situations where one would use both hasRole() and checkRole() in this case?

1. Re: Identity.checkRole() vs. Identity.hasRole()

damianharvey.damianharvey.gmail.com Mar 19, 2008 11:27 AM (in response to admin.admin.email.tld)
checkRole() just calls hasRole() anyway. It just throws an exception instead of returning a boolean.

You can use hasRole in pages.xml by putting it inside a restrict tag. Eg

<restrict>#{s:hasRole('admin')}</restrict>

Cheers,

Damian.
Actions