users@glassfish.java.net

RE: RE: Principal to Role Mapping

From: Wim Verreycken <wim_at_pizzastop.be>
Date: Fri, 22 Aug 2008 08:42:17 +0200

And how about an object ACL framework/instance security?
For me that's the main thing I'm missing in j2ee.
Something like acegi's BasicAclProvider / AfterInvocationProvider
(BasicAclEntryAfterInvocationCollectionFilteringProvider) would sure be nice
to have in glassfish.
(though a shorter name for that thing wouldn't hurt anyone)

Wim
-----Original Message-----
From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
Sent: Friday 22 August 2008 8:26
To: users_at_glassfish.dev.java.net
Subject: Re: RE: Principal to Role Mapping

> custom object/permissions DB/DS

I also think about that - something like a permission map for each user
group on application scope.
To restrict user change user group in session object and for authenticated
additional in database.
This would work at once and avoids database connection on every request.

But it's not possible to get a session by id.
Don't know why, but HttpSessionContext.getSession(String sessionId) is
deprecated with no replacement.



Think it would be better to improve the standard SUN concept, because:
- any admin (customer), who changes permissions/usergroup of a user to
restrict,
would be very astonished, when this current user still could execute the
not permitted functions
- one of my applications is public, therefore it's necessary to restrict
also not authenticated users
[Message sent by forum member 'hammoud' (hammoud)]

http://forums.java.net/jive/thread.jspa?messageID=294719
