That is also a novel approach to entity security. You should not obscure URLs but rather have a multi-layer approach, where at the lowest layer you can never even load an entity from the database you do not have the access rights for.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4030479#4030479 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4030479 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
