Hi Sudipto,

> However, from Dan's mail I realized that the sql security class was not in
> classpath. I added the following dependency in my pom and things are
> working now. I am just mentioning this here so that others can get a quick
> pointer in the future.
> 
>             <dependency>
>                 <groupId>org.apache.isis.security</groupId>
>                 <artifactId>sql</artifactId>
>                 <version>${isis.version}</version>
>             </dependency>

Ah, excellent. This should go into the JIRA ticket - and eventually - the 
manual.

> So, authentication is all good at least with database. Coming back to
> authorization, can you please guide me on that a little.
> 
> Suppose, there are two actions for a domain class, one create and one
> search, if I want to show search to all but create to a specific role, how
> do I accomplish that?

By default, every class or action should appear in either 
allow.properties or disallow.properties. If memory serves, if it is not in 
either, then it is disallowed.

I provided an "allow by default" override[1], but I don't think it is in the 
distributed artifacts, you'll have to fetch and build the sources from 
subversion to get the functionality.

Anyway - the idea is that if you have roles "user" and "administrator", 
you'll need:
a passwords file that contains:
  username:userpassword:user
  adminname:adminpassword:administrator

an allow.properties that contains:
<fully qualified class>#<search_method>:user|administrator
<fully qualified class>#<create_method>:administrator

or a disallow.properties that contains:
<fully qualified class>#<create_method>:user


I'm working from help files here, not a running application, so your 
mileage may vary...

Regards,
Kevin

> I am not too clear about role1, role2, role3 and what if I want to have my
> own roles. A little help on this will be much appreciated.
> 

[1] https://issues.apache.org/jira/browse/ISIS-218
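
Added example, not part of the original mail and not Isis code: a small Python model of the allow/disallow rules described above, useful for checking which role can reach which member before deploying a rule set. The class name com.example.Customers, the function names, and the precedence of disallow entries over allow entries are assumptions.

```python
# Added example: a model of the rule files described in the mail above,
# not Isis code. Assumed: one "<class>#<method>:<role>|<role>" entry per
# line, a disallow entry wins over an allow entry, and a member listed in
# neither file is denied unless allow_by_default is set.

# Constructed sample files; com.example.Customers is a placeholder class.
ALLOW_SAMPLE = """\
com.example.Customers#search:user|administrator
com.example.Customers#create:administrator
"""
DISALLOW_SAMPLE = "com.example.Customers#create:user\n"


def parse_rules(text):
    """Parse rule lines into {member: set_of_roles}."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        member, sep, roles = line.rpartition(":")
        names = {r.strip() for r in roles.split("|") if r.strip()}
        if not sep or "#" not in member or not names:
            raise ValueError(f"line {lineno}: expected <class>#<method>:<roles>")
        rules.setdefault(member.strip(), set()).update(names)
    return rules


def is_permitted(member, user_roles, allow, disallow, allow_by_default=False):
    """Decide access for a user holding user_roles."""
    held = set(user_roles)
    if held & disallow.get(member, set()):
        return False                       # explicit deny for one of the roles
    if member in allow:
        return bool(held & allow[member])  # must hold a listed role
    return allow_by_default                # unlisted member: denied by default


def access_matrix(members, roles, allow, disallow, allow_by_default=False):
    """Map (member, role) -> bool, to review a rule set before deploying it."""
    return {(m, r): is_permitted(m, [r], allow, disallow, allow_by_default)
            for m in members for r in roles}
```

With only the disallow file in place, the search action is reachable by "user" only when allow_by_default is True, which matches the mail's point that an unlisted member is otherwise denied.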

