Thank you for your answers!
Am I right in assuming that you mean org.jboss.seam.security & subpackages and
the security example?
Further, I have a feature request: I would like to have 'dynamic roles' (roles
depending on the calling principal).
I.e. let's say we have a User entity and 'updateUserData(User user)' business
method in some bean.
Access to this method should be allowed to all administrators - regardless of
the user whose data is to be modified - and a user should be allowed to modify
only his own user data.
This could be done by separating all roles into static (traditional) and dynamic
roles. For every introduced dynamic role one has to implement an interface which
is called every time a dynamic role is evaluated (something like 'boolean
isInRole(Principal principal, Object[] methodArgs)' - methodArgs is an array
containing the parameters to the secured method).
I.e. the updateUserData method would be annotated with
@RolesAllowed({"administrator","owner"}). If this method is called by someone who
is in the 'administrator' role there's no need to evaluate the 'owner' role. On
the other hand, if this method is called by someone who is not in the
'administrator' role the security layer would call the method in the interface
registered with the owner role to see if the current principal is allowed to
access this method.
IMHO this would be pretty useful - i.e. to ensure users can edit only their
own data, ... - what do you think about it?
Further, I noticed the improved logging implementation in the org.jboss.seam.log
package. While I fully agree that this makes our life easier, I was wondering if
you noticed SLF4J (http://www.slf4j.org) and LogBack (http://logback.qos.ch).
Both are from the guys who invented log4j and while SLF4J is meant as a
replacement for commons-logging - as a simple facade for various logging APIs
- LogBack is meant as an improvement of log4j.
Both address the shortcomings you addressed in your implementation and some more
- please see their sites for more details.
The reason I mention them is that switching to SLF4J (which perfectly
integrates with log4j, commons-logging, LogBack, ...) might spare you the
reinvention of the wheel ;) and make for less coupling of the user's code with
Seam while providing a convenient & consistent way for logging in the user's code &
Seam & ...
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982414#3982414
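The static-then-dynamic role check requested in the post above, as an added sketch that is not part of the original post and not Seam's API. Only the `isInRole(Principal, Object[])` signature comes from the post; `DynamicRole`, `DynamicRoleDemo`, `User`, `OWNER`, `isAllowed` and the sample principals are hypothetical names, and the code assumes Java 16 or later.

```java
import java.security.Principal;
import java.util.*;

public class DynamicRoleDemo {
    /** The interface the post proposes: one implementation per dynamic role. */
    interface DynamicRole {
        boolean isInRole(Principal principal, Object[] methodArgs);
    }

    /** Constructed stand-in for the post's User entity. */
    record User(String login) {}

    /** "owner": the caller is the User passed as the first method argument. */
    static final DynamicRole OWNER = (p, args) ->
        args != null && args.length > 0 && args[0] instanceof User u
            && p != null && u.login().equals(p.getName());

    private final Map<String, DynamicRole> dynamicRoles = new HashMap<>();
    private final Map<String, Set<String>> staticRoles = new HashMap<>();

    /** Static roles are checked first; dynamic evaluators run only if none matched. */
    boolean isAllowed(Principal p, String[] rolesAllowed, Object[] methodArgs) {
        Set<String> held = staticRoles.getOrDefault(p.getName(), Set.of());
        for (String role : rolesAllowed)
            if (held.contains(role)) return true;
        for (String role : rolesAllowed) {
            DynamicRole evaluator = dynamicRoles.get(role);
            // A role with no registered evaluator grants nothing (deny by default).
            if (evaluator != null && evaluator.isInRole(p, methodArgs)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        DynamicRoleDemo sec = new DynamicRoleDemo();
        sec.dynamicRoles.put("owner", OWNER);
        sec.staticRoles.put("root", Set.of("administrator")); // constructed sample data
        String[] allowed = {"administrator", "owner"}; // as annotated on updateUserData
        Object[] call = {new User("alice")};           // arguments of updateUserData(alice)
        for (String caller : List.of("root", "alice", "bob")) {
            Principal p = () -> caller;
            System.out.println(caller + " -> " + sec.isAllowed(p, allowed, call));
        }
    }
}
```

The owner evaluator fails closed: a missing argument, an argument of the wrong type, or a null principal all yield a denial rather than an exception that a caller might treat as success.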