0 Replies Latest reply on Jun 12, 2009 7:40 PM by John Augusto Charnet

    Seam 2.1.2 security - Authorization

    John Augusto Charnet Newbie

      We are using Seam as our security manager (Authentication and Authorization), but we are having some trouble with Authorization. In Seam reference it's a bit confusing how we can configure permissions through jpa-permission-store.
      We took a look at Seam space example, but we still haven't figured out some stuff.
      For example:
      In seam space there is  the following call

      Identity.instance().checkPermission(member, "createFriendComment");

      My first impression was that there would have to be an action createFriendComment with a target Member in the table AccountPermission. But for my surprise, there are only two lines in this table:

      PermissionId Recipient Target         Action Discrimintator
      1             friends   MemberImage:5  view   role
      2             user      MemberImage:6  view   role

      Another point that is quite confusing are the annotations @Permissions and @Permission. Are they responsible for declaring possible actions that should go to the database table ?
      Does PermissionSearch.getTarget() return all the classes that are marked with the @Permissions annotation ?

      Thanks a lot.