Skip to main content

Home/ SoftwareEngineering/ Group items tagged SeamSecurity

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Chapter 9. Integration with Seam 2.2 - 0 views

www.graniteds.org/...graniteds.seam2.html

java security graniteds SeamSecurity

shared by kuni katsuya on 09 Aug 12 - No Cached
  • 9.2.6. Integration with Seam Security
  • When not using the Seam native setup, you have to manually configure the integration of Seam Security in granite-config.xml.
  • <granite-config>    ...    <!--     ! Use Seam 2.1+ based security service.     !-->     <security type="org.granite.seam21.security.Seam21SecurityService"/> </granite-config>
kuni katsuya

Seam - Contextual Components - 0 views

docs.jboss.org/...html_single

java security framework SeamSecurity authorization

shared by kuni katsuya on 09 Aug 12 - No Cached
  • 15.6. Authorization
  • Seam Security is built around the premise of users being granted roles and/or permissions, allowing them to perform operations that may not otherwise be permissible for users without the necessary security privileges
  • 15.6.1. Core concepts
  • ...15 more annotations...
  • 15.6.1.1. What is a role? A role is a group, or type, of user that may have been granted certain privileges for performing one or more specific actions within an application
  • used to create logical groups of users for the convenient assignment of specific application privileges
  • 15.6.1.2. What is a permission? A permission is a privilege (sometimes once-off) for performing a single, specific action. It is entirely possible to build an application using nothing but permissions, however roles offer a higher level of convenience when granting privileges to groups of users
  • consisting of three "aspects";
  • a target
  • an action
  • a recipient
  • An empty @Restrict implies a permission check of componentName:methodName
  • implied permission required to call the delete() method is account:delete
  • equivalent of this would be to write @Restrict("#{s:hasPermission('account','delete')}")
  • @Restrict annotation may reference any objects that exist within a Seam context. This is extremely useful when performing permission checks for a specific object instance.
  • selectedAccount
  • selectedAccount
  •  Identity.instance().checkRestriction
  • If the expression specified doesn't evaluate to true, either if the user is not logged in, a NotLoggedInException exception is thrown or if the user is logged in, an AuthorizationException exception is thrown.
1 - 3 of 3
Showing 20 items per page