By the way, I'm aware that I can pass a Seam component as the third argument of a hasPermission check, and that works fine. But if I want to just put the @Restrict on the class itself, so that every method in the class hits a security check, is there some way to access Seam components at that point? And with using hasPermission, that limits me to passing only one component with that. Is there some more flexible way to do all this? Am I even asking the right questions?
(I'm also very eager to try 2.1's new security features)
I'm trying this stuff too.
I saw from the code that the working memory GlobalResolver is replaced with a SeamGlobalResolver so I think that in our rules we could declare as global any seam components, something like:
global myapp.CustomerHome customerHome
I have not tried yet, thought.
Thanks for the suggestion. I tried that out, no luck. I'll use the hasPermission system, for now. I know that Seam security is going through a big change in the upcoming 2.1 release and then I'll revisit this.
Good news. It works here.
This is the rule I wrote to verify:
package getin; import eu.entaksi.getin.model.* import eu.entaksi.getin.rules.* global ValidationCheck validationCheck global org.jboss.seam.international.StatusMessages statusMessages global eu.entaksi.getin.InterventoHome interventoHome rule "Prova componente" when $intervento: Intervento() then statusMessages.add("Hello component. Your id is: " + interventoHome.getInstance().getId()); validationCheck.setValid(); end
Don't care about ValidationCheck and other lines. It's part of a rule based validation framework that I'm trying to implement.
After firing the rule I see the JSF message in the page with the ID value.
The proof of concept is in
global eu.entaksi.getin.InterventoHome interventoHome
It's a Seam component (an EntityHome). It gets injected in the rule and used in the LHS. Surely I could use it in the RHS as well.
The magic is in the SeamGlobalResolver. I'm on Seam 2.1 beta.
It's me or there is no reference to this feature in the doc?