1 Reply Latest reply on Oct 26, 2008 5:43 PM by Michael Neale

    Authentication and authorisation

    Heiko Braun Master

      Michael:


      I use Seam - so Jaas etc... delegate to the container, or directory server etc..


        • 1. Re: Authentication and authorisation
          Michael Neale Expert

          Yes have stuck to Seam - whatever it prescribes we have gone with.

          So we have the Identity seam managed component, and we also use PermissionResolver's, and the components.xml to configure it all.

          The basic identity/authorization uses JAAS underneath - so you can hook it up to whatever ID service is needed. This can be taken slightly futher by specifying what users are "admin" - but to go any further, we have Guvnor specific permissions (which are not stored externally) - thats there Seam's permission framework comes in (but this is probably only relevant to a repository at this stage).