I think I know what I should do.

1. Go ahead and use a filter if I want to, for my convenience, but not as a security mechanism.
2. Put a @Restrict annotation on the entities, and then use JBoss Rules to restrict various operations by roles, etc.

So I could say, a sysadmin can look at any object in any domain, but only domain members could look at objects in their domain, and only domain members with write permissions can create, update or delete objects. Does that sound right?
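
An added example, not part of the original post: the three rules described above written as a `security.drl` file, assuming Seam 2.0's rule-based security (`PermissionCheck`, `Role`) and an entity annotated with `@Restrict` and `@Name("document")`. `Document`, its `domainId` property, the `sysadmin` role name and the `DomainMembership` fact (inserted into the security context at login) are hypothetical names. Because nothing is granted unless a rule fires, the checks hold whether or not a filter is enabled on the query.

```drl
package Permissions;

import org.jboss.seam.security.PermissionCheck;
import org.jboss.seam.security.Role;
// Hypothetical application classes (assumptions, not part of Seam):
import com.example.model.Document;             // entity with @Restrict, @Name("document")
import com.example.security.DomainMembership;  // one fact per domain the user belongs to

// A sysadmin can look at any object in any domain.
rule SysadminReadsAnyDocument
when
  check : PermissionCheck(name == "document", action == "read", granted == false)
  Role(name == "sysadmin")
then
  check.grant();
end

// Domain members can look at objects in their own domain.
// The entity being checked is in working memory for the duration of the check.
rule MemberReadsOwnDomain
when
  check : PermissionCheck(name == "document", action == "read", granted == false)
  Document($domain : domainId)
  DomainMembership(domainId == $domain)
then
  check.grant();
end

// Only domain members with write permission can create, update or delete.
rule WriterModifiesOwnDomain
when
  check : PermissionCheck(name == "document",
                          action matches "insert|update|delete",
                          granted == false)
  Document($domain : domainId)
  DomainMembership(domainId == $domain, writeAllowed == true)
then
  check.grant();
end
```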
