I don't really understand if that was a comment to what I wrote or something else, but to clarify: I wouldn't ever want to have anything to do with the names of roles anywhere in my code or xml-files since those names are not known before an admin creates them through the application. The only thing I want to define is Permissions. A permission can have a name, like ContentPermission, and actions, like "read, write, delete, create". The only thing I want to specify in the code is what Permission is required. How that Permission then is mapped to a User (through a Role or directly) is entirely up to the security system, I dont want to have to care about that then.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3940166#3940166 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3940166 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
