"asookazian" wrote : What is the recommended alternative implementation strategy to hard-coding the role(s) like above in pages.xml? for example, storing the role information in a RDBMS table so that we can update role data real-time and users are granted roles when they begin a new session. | | Is it even necessary to do this? the argument bein that roles for page level access do not change frequently enough to need real-time updates?
I don't quite understand what you're asking here. Storing the user's roles in a database table is a recommended strategy. "asookazian" wrote : Also, is it sufficient in most cases to use s:hasRole for component level restriction on JSF's instead of using s:hasPermission? That totally depends on your own requirements. You can use either, or mix and match as you wish. It all depends on what kind of security model you want and how fine-grained it should be. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123287#4123287 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4123287 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
