It appears as if J2EE's use of JAAS gives me some control over which
users can use which methods in which beans. However, I have a couple
of concerns:

First, is there an easy explanation of the difference between groups
and roles?

Secondly, it doesn't seem to help me in the generic problem of wanting
to restrict access to certain database records. Basically, I have paul
and harry, both possessing the "customer" role. Paul should be able to
browse his own orders but not Harry's. I take it I am left to
implement this bit of security myself, in the lookups that I do?

Cheers
        Bent D
-- 
Bent Dalager - [EMAIL PROTECTED] - http://www.pvv.org/~bcd
                                    powered by emacs
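
The paul/harry case from the message above, as an added example that is not part of the original post and is not JBoss code: a role check decides who may call the method, and a separate ownership check in the lookup decides which records come back. `OrderAccessDemo`, `Order`, `requireRole` and the sample data are hypothetical; it is plain Java so it runs without a container, with comments marking where `EJBContext.getCallerPrincipal()` and `EJBContext.isCallerInRole()` would be used inside a bean.

```java
import java.security.Principal;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

public class OrderAccessDemo {
    record Order(int id, String owner, String item) {}

    // Constructed sample data standing in for the orders table.
    static final List<Order> ORDERS = List.of(
        new Order(1, "paul", "keyboard"),
        new Order(2, "harry", "monitor"),
        new Order(3, "paul", "mouse"));

    // Role check: the coarse, per-method decision. In a bean this is the
    // container's method permission or EJBContext.isCallerInRole("customer").
    static void requireRole(Set<String> callerRoles, String role) {
        if (!callerRoles.contains(role))
            throw new SecurityException("caller lacks role " + role);
    }

    // Instance check: scope the lookup by the authenticated caller's name
    // (in a bean: EJBContext.getCallerPrincipal()), never by a user id the
    // client sends. With SQL, the owner test belongs in the WHERE clause.
    static List<Order> browseOrders(Principal caller, Set<String> roles) {
        requireRole(roles, "customer");
        return ORDERS.stream()
            .filter(o -> o.owner().equals(caller.getName()))
            .collect(Collectors.toList());
    }

    // Single-record lookup: same rule, and a foreign order is reported the
    // same way as a missing one so order ids cannot be probed.
    static Order getOrder(Principal caller, Set<String> roles, int id) {
        requireRole(roles, "customer");
        return ORDERS.stream()
            .filter(o -> o.id() == id && o.owner().equals(caller.getName()))
            .findFirst()
            .orElseThrow(() -> new SecurityException("no such order for caller"));
    }

    public static void main(String[] args) {
        Principal paul = () -> "paul";   // constructed principals
        Set<String> customer = Set.of("customer");
        System.out.println(browseOrders(paul, customer));
        System.out.println(getOrder(paul, customer, 3));
        getOrder(paul, customer, 2);     // harry's order: throws SecurityException
    }
}
```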
