Thanks, Jens. I'll look at the ejb security modelling docs in the meantime. I am assuming the dependency is drawn from a method in the service to the role in order to generate the proper role based authorization or acl authorization. You cannot, however use an afterInvocationManager (I cannot see the namespace property). Also, since much of the security can be coded once in an external file, wouldn't it make sense to just set the interceptor (because you may want to define different security interceptors) so the generated applicationContext-hibernate.xml contains the correct interceptors. The only 2 things we essentially need generated are the interceptors in the applicationContext-hibernate.xml and the methods in the objectDefinitionSource, which could just be a direct copy of the methods in the serviceTransactionInterceptor, with a namespace property that could set a default security for these methods. For instance:
<property name="objectDefinitionSource"> <value> foo.bar.widget.WidgetService.getAllWidgets=user, AFTER_ACL_COLLECTION_READ </value> </property> would have user, AFTER_ACL_COLLECTION_READ generated on all the methods due to a default namespace setting, with fine tuning allowed via a tagged value on the method in the model itself. Let me know what you think. _________________________________________________________ Reply to the post : http://galaxy.andromda.org/forum/viewtopic.php?p=3433#3433 Posting to http://forum.andromda.org/ is preferred over posting to the mailing list! ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Andromda-user mailing list Andromda-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/andromda-user
