"dsteinwe" wrote : Do authentication with jaas. For authorisation I suggest EJB3 interceptors. In the interceptor you can check the permissions for a principal (-> context information). | For lean code you may define own permission annotations for the facades methods. In the interceptor you access these metadata. | HTH Dieter
So in this way I basically have my own role-to-permission data model which I have to inquire in the interceptors, right? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210407#4210407 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210407 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
