On 2010-02-08 19.33, Paul Merlin wrote:
I totally agree that RBAC system must not interfere with actors domain
modeling. Shiro agrees too :)
@RequiresUser do not takes any parameter and states only that the target
element requires that the current Subject is an
Authenticated User, not that it is a particular user you specify.
Ah ok, yes that is VERY useful, as an assertion.
And yes, this is much better to use @RequiresPermissions that @RequiresRoles
but as Shiro provides it, I just wrote it.
Now, I plan to write a custom Shiro Realm for my app, and will try to extract a
sort of AbstractQi4jRealm. It should
provide boilerplate code for implementing custom Realms loading authc& authz
data from qi4j Entities, whatever the
domain model you have.
Alright! Sounds very interesting. Let us know the progress as you go along.
/Rickard
_______________________________________________
qi4j-dev mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/qi4j-dev
