[jboss-user] [JBoss Seam] - Re: Road Map
You'll be able to extend SecurityConfiguration to load roles/permissions from a database if you like, however keep in mind that these are only explicitly assigned permissions, as opposed to the dynamic rule-based permissions that the security API will also support. As for enums, the type safety would be nice however permissions can have any name (eg customer.doSpecialAction) so that unfortunately rules them out. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3996839#3996839 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3996839 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
I just took a look at Seam in the CVS and after going through the seamspace example I can't say anything else than: I love you guys! :-) I've been putting off this project for a long time in lack of a good security implementation and now you've solved a lot of my problems. I know you've planned to work on the security release for at least three more weeks (according to http://jira.jboss.com/jira/browse/JBSEAM?report=com.atlassian.jira.plugin.system.project:roadmap-panel) but I've got something that you might not have thought of: In security-config.xml you specify roles and assign permissions to them. What I would like is to specify somewhere which permissions exists and what actions they can have. Something like: | permissionDefinition | nameuser/name | | actioncreate/action | actionmodify/action | actiondelete/action | /permissionDefinition | | permissionDefinition | nameaccount/name | | actioncreate/action | actiondelete/action | /permissionDefinition | and then I could assign them to roles in the security-config OR I could create roles on the fly from the application and pick permissions from some sort of gui based on the initial permissions definition. Perhaps this sound totally crazy, or you've already done it, what do I know :-) An other thing that I came to think of: Now the permissions store their name and action as strings. Wouldn't the use of enums or something else that is typesafe make life easier for us? I'd hate to have a bug where I misspelled one of the strings somewhere. Or did I miss something? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3996763#3996763 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3996763 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
How about implementing synchronizer token in seam? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3994939#3994939 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3994939 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
anonymous wrote : How about implementing synchronizer token in seam? A what? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3995024#3995024 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3995024 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
This text is from core j2ee patterns [1]: Synchronizer Token This strategy addresses the problem of duplicate form submissions. A synchronizer token is set in a user's session and included with each form returned to the client. When that form is submitted, the synchronizer token in the form is compared to the synchronizer token in the session. The tokens should match the first time the form is submitted. If the tokens do not match, then the form submission may be disallowed and an error returned to the user. Token mismatch may occur when the user submits a form, then clicks the Back button in the browser and attempts to resubmit the same form. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3995032#3995032 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3995032 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
I went through the road map and I must say I'm really excited to what's coming up :) Thanks a lot for the hard and good work. Richard View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3986759#3986759 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3986759 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
Amazing... My only concern is that the Security Feature Request is not separated in minor features for individual voting... I'm interested in Seam's JAAS support over JSF on Facelets (no j_security_check form action) through Login action bean... any ways... that's a good plan... congrats!! Thanks a lot, View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3986806#3986806 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3986806 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
Note that the security stuff is in heavy flux. Shane and I and the Drools guys have been having some discussions about what will be the final form of this stuff and its turning out pretty interesting (a LOT different to the standard Java EE security). So anyway, thats why it isn't broken down into smaller tasks. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3986881#3986881 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3986881 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
Re: Seam security stuff. Is this also up for discussion with the Portal and Jbpm guys, as I remember you stating a while ago that you would like to see standardisation between the products? Thanks James View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3986980#3986980 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3986980 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Road Map
Yeah, but that is outside of the current scope of work. At some stage we need a unified identity model for all projects, but that won't happen in this work. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3986990#3986990 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3986990 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user