I think you've got kind of the wrong idea about what the security rulebase should look like.
It should not have 1000s of rules, 1 for each user, instead it should have one rule which says: "if the needed Permission belongs to User.getPermissions(), grant the permission". View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4054650#4054650 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4054650 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
