> Yeah, old issue, big can'o worms. > > I participated in that old thread months (actually, I think it was more > than a year) ago. I still believe we should go this route: > > * Everything is based on interfaces. > * There is a security manager interface that provides two methods: > one to authenticate a user given their credentials (to login), > and one to determine whether a user is authorized to do something. > Nothing more, nothing less.
How would you get the user or user id to ask that second question ? IMHO, if you want to ask that second question, you need to be able to get a reference to the current user/userid (or whatever you want to call it) from the RunData (like the current getUser() method). And that means you need some kind of basic User (or whatever) object/interface to talk to.... right ? Age -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
