On Fri, Dec 5, 2008 at 4:09 PM, Henning P. Schmiedehausen <[EMAIL PROTECTED]> wrote: > Brian Eaton <[EMAIL PROTECTED]> writes: > >>On Fri, Dec 5, 2008 at 3:22 PM, Adam Winer <[EMAIL PROTECTED]> wrote: >>> AppDataService.updatePersonData() has a String appId parameter. An >>> implementation would, most likely, compare the appId here against >>> SecurityToken.getAppId(), and only permit updating if the two match, but >>> that's a container policy decision. > >>Ummm.... if there's only one sensible policy to implement...? > > Which would be? If the only sensible policy is to write to your own > application data, then why is there an appId parameter on the method? > > The backend can get the appId using token.getAppId() just fine, no > need for an additional method.
I had exactly this question when I was looking at using appdata for user prefs.
