> If the roles are not satisfied by the logged in user upon the > request, then > the ContentSource will not add the component, i.e. it becomes > invisible. Is > that an acceptable behavior?
So the caller/consumer of the service would simply see that the service is not there? And how would we distinguish from cases where authorization is truly not permitted? What would happen if we throw a NotAuthorizedException (or whatever) so the consumer can distinguish between the two cases rather than just not returning the component?? Or would we need an empty component? Ah... so many questions... so little time. _______________________________________________ general mailing list [email protected] http://lists.ops4j.org/mailman/listinfo/general
