> First, is there an easy explanation of the difference between groups
> and roles?

A role is a permission to do something. If I say
that the role "admin" is required to call this method,
only an authenticated user holding the role "admin" will be
allowed to proceed.


> Secondly, it doesn't seem to help me in the generic problem of wanting
> to restrict access to certain database records. Basically, I have Paul
> and Harry, both possessing the "customer" role. Paul should be able to
> browse his own orders but not Harry's. I take it I am left to
> implement this bit of security myself, in the lookups that I do?

Besides roles there is also the concept of a "principal":
this is the identity of the authenticated user. This identity
object can be anything you like, but mostly it would
contain a method to get the user name or some kind of ID.

The session or entity context of the bean (remember the
method setEntityContext()?) gives you two methods:
one to get the principal of the user, and another
to ask whether the currently authenticated user has a given
role (consult the javadoc on it).

Principal creation and role mapping happen in your
login module (if you use JAAS-based security in JBoss).

regards,

=====
Konstantin Priblouda ( ko5tik )    Freelance Software developer
< http://www.pribluda.de > < play java games -> http://www.yook.de >
< render charts online -> http://www.pribluda.de/povray/ >


_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

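The pattern the reply describes, shown as an added example (this is not code from the original post, from Konstantin, or from JBoss): the container's method permission answers the coarse question "may this caller use the operation at all?" via isCallerInRole(), while the per-record question "is this Paul's order or Harry's?" has to be answered in the bean's own lookup, keyed on the identity returned by getCallerPrincipal(). The role name "customer", the JNDI datasource name "java:comp/env/jdbc/OrdersDS", and the "orders" table with columns (id, owner, description), where owner holds the login name the JAAS login module put into the principal, are all assumptions made for the example.

```java
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

/**
 * Added example, not from the original post. Assumed/hypothetical names:
 * the role "customer", the JNDI datasource "java:comp/env/jdbc/OrdersDS",
 * and an "orders" table (id, owner, description) whose owner column holds
 * the login name that the JAAS login module placed in the principal.
 */
public class OrderBrowserBean implements SessionBean {

    private SessionContext ctx;

    // The container hands us the context; it is the bridge to the principal
    // and the role information established by the login module.
    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }

    // Coarse-grained check: may this caller use the operation at all? The
    // container can also enforce this declaratively (method-permission).
    private void requireCustomerRole() {
        if (!ctx.isCallerInRole("customer")) {
            throw new EJBException("caller lacks role 'customer'");
        }
    }

    // Fine-grained check: whose rows? The owner comes from the caller's
    // principal, never from a client-supplied parameter, so Paul can only
    // ever ask for rows whose owner equals his own login name.
    private String callerName() {
        Principal caller = ctx.getCallerPrincipal();
        return caller.getName();
    }

    public List<String> listMyOrders() {
        requireCustomerRole();
        return query("SELECT id, description FROM orders WHERE owner = ?",
                     new Object[] { callerName() });
    }

    // Even when the client passes an order id, the ownership condition stays
    // in the WHERE clause: a guessed id that belongs to Harry yields no row
    // for Paul, instead of leaking Harry's order.
    public List<String> getOrder(long orderId) {
        requireCustomerRole();
        return query("SELECT id, description FROM orders WHERE id = ? AND owner = ?",
                     new Object[] { Long.valueOf(orderId), callerName() });
    }

    // Runs a parameterised query; every value is bound, never concatenated,
    // so the caller name cannot alter the statement either.
    private List<String> query(String sql, Object[] params) {
        List<String> rows = new ArrayList<String>();
        Connection con = null;
        try {
            DataSource ds = (DataSource) new InitialContext()
                    .lookup("java:comp/env/jdbc/OrdersDS"); // assumed JNDI name
            con = ds.getConnection();
            PreparedStatement ps = con.prepareStatement(sql);
            for (int i = 0; i < params.length; i++) {
                ps.setObject(i + 1, params[i]);
            }
            ResultSet rs = ps.executeQuery();
            while (rs.next()) {
                rows.add(rs.getLong("id") + ": " + rs.getString("description"));
            }
            rs.close();
            ps.close();
        } catch (NamingException e) {
            throw new EJBException(e);
        } catch (SQLException e) {
            throw new EJBException(e);
        } finally {
            if (con != null) {
                try { con.close(); } catch (SQLException ignore) { }
            }
        }
        return rows;
    }

    // Remaining SessionBean lifecycle callbacks; this bean keeps no state.
    public void ejbCreate() { }
    public void ejbRemove() { }
    public void ejbActivate() { }
    public void ejbPassivate() { }
}
```

The design choice worth noting is that the owner value is derived on the server from the principal, and the ownership predicate is part of every query including the by-id lookup. Checking the role alone would let any "customer" read any order; checking the id alone would let Paul enumerate Harry's orders. What getCallerPrincipal().getName() returns is whatever the login module put there, so the owner column has to be populated with the same value (here assumed to be the login name).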