On Tue, Oct 09, 2001 at 10:25:33PM -0700, Scott M Stark wrote:
> Creating a security proxy layer is the most flexible and maintains the
> integrity of the business logic. Security is more a function of where the
> business component is deployed rather than a function of the business
> component operation and the two should be separated.

I'm still unsure how one would implement security in respect of entity "ownership". Assume I have an entity, e.g. an Appointment in a Schedule, and want to grant read and write permissions to certain roles or users. How would I implement this logic? One solution that comes to my mind is à la "if (entity.canRead(getCallerPrincipal()))" and manage the Users / Principals with a custom JBoss security adapter which works on top of the application's user model. Is there any standard / existing JBoss security adapter which works on top of a simple EJB user + role model?

-billy.
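
The per-instance check discussed in this message, as an added example that is not part of the original post or of JBoss: a guard outside the business object decides read/write access from grants stored per Appointment, denying by default. The names `AppointmentAclExample`, `Appointment`, `AppointmentGuard` and `Permission` are hypothetical, and the caller's principal and role names are assumed to be supplied by whatever layer faces the container.

```java
import java.security.Principal;
import java.util.*;

public class AppointmentAclExample {
    enum Permission { READ, WRITE }

    /** Business object: holds data and its grants, makes no access decisions itself. */
    static final class Appointment {
        final String subject;
        final Map<String, EnumSet<Permission>> grants = new HashMap<>();
        Appointment(String subject) { this.subject = subject; }
        // kind is "user" or "role"; the prefix keeps the two namespaces apart,
        // so a user who happens to be named like a role gains nothing.
        void grant(String kind, String name, Permission... perms) {
            grants.computeIfAbsent(kind + ":" + name, k -> EnumSet.noneOf(Permission.class))
                  .addAll(Arrays.asList(perms));
        }
    }

    /** Security layer kept separate from the business logic; default deny. */
    static final class AppointmentGuard {
        static boolean allowed(Appointment a, Principal caller, Set<String> roles, Permission p) {
            if (caller == null) return false;                 // unauthenticated caller
            if (has(a, "user:" + caller.getName(), p)) return true;
            for (String role : roles)
                if (has(a, "role:" + role, p)) return true;
            return false;                                     // no matching grant
        }
        private static boolean has(Appointment a, String key, Permission p) {
            EnumSet<Permission> s = a.grants.get(key);
            return s != null && s.contains(p);
        }
        static String read(Appointment a, Principal caller, Set<String> roles) {
            if (!allowed(a, caller, roles, Permission.READ))
                throw new SecurityException("read denied");
            return a.subject;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data
        Appointment appt = new Appointment("Dentist, 10:00");
        appt.grant("user", "alice", Permission.READ, Permission.WRITE);
        appt.grant("role", "assistant", Permission.READ);
        Principal alice = () -> "alice";
        Principal bob = () -> "bob";
        System.out.println(AppointmentGuard.read(appt, alice, Set.of()));          // direct user grant
        System.out.println(AppointmentGuard.read(appt, bob, Set.of("assistant"))); // grant via role
        System.out.println(AppointmentGuard.allowed(appt, bob, Set.of("assistant"), Permission.WRITE));
    }
}
```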
