> > * There is a security manager interface that provides two methods:
> >   one to authenticate a user given their credentials (to login),
> >   and one to determine whether a user is authorized to do something.
> >   Nothing more, nothing less.
> 
> How would you get the user or user id to ask that second question ?
> 
> IMHO, if you want to ask that second question, you need to be 
> able to get a
> reference to the current user/userid (or whatever you want to 
> call it) from
> the RunData (like the current getUser() method). And that means you need
> some kind of basic User (or whatever) object/interface to talk 
> to.... right?

Yes. I have empty interfaces for the concepts of Subject (or User)
and Permission. The concrete classes to be used are configurable in
the system as well. I guess any minimal concrete class would have an
id for each class.

> Age

Regards,


-- 
Gonzalo A. Diethelm
[EMAIL PROTECTED]


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to