I don't understand the desire to protect a Seam project using web.xml's
security descriptors. It seems to me that a much stronger security would be
implemented using annotations.
I would want to see an annotation called @RequireUserType or @RequireUserRole.
| @Stateful
| @Name("search")
| @LoggedIn
| @RequireUserType("customer")
| @Interceptors(SeamInterceptor.class)
| public class SearchAction
| ...
|
Or would it make sense to put the annotation on the methods of the class, too?
Also, the @LoggedIn should remember the url, and in Seam, it would make sense
that if the url was in the middle of a conversation, after login the user would
be taken to a page that would start the conversation.
Shouldn't Seam come packaged with these Login and Security check type of
functionality built-in and overridable if needed?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923084#3923084
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3923084
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
