Talked to Geert a bit in IRC, but basically my question was about the domain model-based security in RIFE. My experience has been that typically offered role-based security is not flexible enough, but "owner-instance" (my concept) solves about 90% of the remaining cases. Basically, I want to be able to secure access to user's own profile or automatically get only things user owns (or is "associated with") from all things available, so I see no point trying to secure access to some specific urls as the permissions depend on the instance rather than type. I've implemented and used the concept very successfully with Trails ( http://trailsframework.org/Security+module) - basically only requiring me to add a single annotation on my domain entity to establish a permission that allows only the current user to access the entity. Unfortunately for me, Tapestry (or any other standard framework) doesn't have a built-in support for conversations (of which I've also written about in http://docs.codehaus.org/display/TRAILS/2008/01/24/Full+Steam+ahead+with+Trails+2.0%21) which of course is the bread and butter in RIFE. So, I wonder if RIFE supports domain-model based security and how is it done in practice (e.g. can you add these rules to the metadata)? I didn't find anything much about it from the documentation, I'd appreciate a link if I missed it.
Kalle --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "rife-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rife-users?hl=en -~----------~----~----~----~------~----~------~--~---
