> Yeah, old issue, big can'o worms.
>
> I participated in that old thread months (actually, I think it was more
> than a year) ago. I still believe we should go this route:
>
> * Everything is based on interfaces.
> * There is a security manager interface that provides two methods:
>   one to authenticate a user given their credentials (to login),
>   and one to determine whether a user is authorized to do something.
>   Nothing more, nothing less.

How would you get the user or user id to ask that second question ?

IMHO, if you want to ask that second question, you need to be able to get a
reference to the current user/userid (or whatever you want to call it) from
the RunData (like the current getUser() method). And that means you need
some kind of basic User (or whatever) object/interface to talk to.... right
?

Age



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>


Reply via email to