Yes, that's correct, the JsfSecurityManager get's the stack trace, looks up
the calling method, retrieving the annotation, checking the access rights,
and throwing an exception if access is not allowed.
> @SecurityGuard(TypRoles.ADMIN)
> public AdminBean getAdminBean()
> {
> JsfSecurityManager.getCurrentInstance().check();
> }
>
Like I said, we haven't moved to the new Java yet. But okay, so the
annotation is labeling that this method should only be run by admins,
and it's the SecurityManager that is responsible for looking at the
annotation and deciding whether to continue?
