"[EMAIL PROTECTED]" wrote : How would you do dynamical contextual security or
ACL checks ?
| (or maybe that is considered business logic instead of security ;)
|
| e.g. how would I ask: hasPermissionTo('drug',$patient.ssn, $department)
|
| this is a variation of ACL security
http://acegisecurity.org/docbook/acegi.html#acls
|
| The trick here is that there is not a constant range of values for the
patient and department since they are driven by the business.
|
| I never found a good way of doing that with ejb security; so if that is
possible in ejb3 now then I would like to hear about it.
So my understanding is that in theory, JAAS/JACC can handle this kind of thing
(ie. conceptually you can write a permission that can take dynamic arguments
and/or access Seam contexts), however, in practice there is no good way to
actually set this up.
This absolutely _is_ an area I want to explore.
Is this something that Acegi handles nicely?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3941004#3941004
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3941004
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
