2 Replies Latest reply on May 23, 2008 3:49 PM by Marcell

    Securing access to entities

    Kinnego du Monde Newbie

      Hi, I've ever used SEAM before. Can anyone tell me if the security framework supports the ability to intercept and check a user's authorization based on the selected entity they are trying to modify.


      Given the code below (from reference guide 2.0.2.GA Page 231) the 'selectedAccount' is passed into the @Restrict evaluation. Is it is possible when executing the rules to invoke Java code - e.g. perform data access? For example if I wanted to grant the logged in user access to modify their own account details (but no-one elses) as opposed to just this being an admin role. If so how would you do this?



      @Name("account")
      public class AccountAction {
      @In Account selectedAccount;
      @Restrict("#{s:hasPermission('account','modify',selectedAccount)}")
      public void modify() {
      selectedAccount.modify();
      }
      }