Hi,
We (Jonathan and I) had a chat today with Shane Bryzak how we could implement
fine grained security. To give a little context Jonathan felt a need for
something like that when integrating errai-security into the TODO list demo. He
wants users to be able to share their lists with others. Another use for this
would be in navigation, when a user can be shown a page only, if the request
parameters combination is allowed for the specific user.
PicketLink supports fine grained security when one implements a Service
Provider Interface
public interface PermissionResolver
{
public enum PermissionStatus {
ALLOW, DENY, NOT_APPLICABLE
}
PermissionStatus hasPermission(Object resource, String operation);
PermissionStatus hasPermission(Class<?> resourceClass, Serializable
identifier, String operation);
}
Now the only thing we need to figure out is, a way to fit this into an api so
that it's not PicketLink specific. And even better have it declarative, but it
seems to be to fine grained to do that.
I've create some issues already to track work on these things.
Any thoughts,
Erik Jan_______________________________________________
errai-dev mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/errai-dev
