users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Example of Permission usage in Java EE

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Fri, 3 Apr 2015 09:24:30 +0200

Hi,

On Fri, Apr 3, 2015 at 7:47 AM, Rudy De Busscher <rdebusscher_at_gmail.com>
wrote:

> You indicated indeed several times already that the term "permission" is
> already taken. By the way, nice article.
>

Thanks ;)



> So we should then come up with some other term to indicate what a lot of
> people refer to as permission for the authorization stuff (as the more
> fine-grained version of role with an implied or inheritance concept; see the
> WildcardPermission of Shiro, for example (1) )
>

If it's just the finer-grained version, the term -could- remain "role".

From the example: subject.isPermitted("editNewsletter")

That's nearly identical to my current application code where I write:

request.isUserInRole("editNewsletter")

IFF it's indeed this usage that's wanted, then it's really just a matter of
terminology. This is what
https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-3 is specifically about
for the role/group terminology, so why not add "permission" to that?

On the other hand, if it's more the hierarchical thing people are after,
then we should indeed investigate how that can fit in with the existing
security system. I have been discussing hierarchical roles with my good
friend and co-worker Jan, so I'm CC'ing him here.

My personal gut feeling says when people say they'd like to have
"permissions", they refer to wanting something like "editNewsletter" as
opposed to thinking they can/should only use "administrator". I don't have
hard data to back this up, so I could be wrong here. As mentioned, just a
gut feeling ;)

With standardized group-to-role mapping, there would already be a fixed 2/3
level hierarchy. I agree, maybe not with the flexibility shown in the link
you gave, but a true hierarchy nevertheless.

Kind regards,
Arjan Tijms
>
> Unfortunately, I'm not good at inventing names for things, but maybe other
> members are more creative.
>
> regards
> Rudy
>
> (1)
> https://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/authz/permission/WildcardPermission.html
>
> On 2 April 2015 at 22:59, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>
>> Hi,
>>
>> The term "permission" came up a couple of times in discussions of this
>> EG. While I certainly understand the intuitive feeling around this term,
>> one somewhat thorny issue is that this name is already taken in Java EE
>> security.
>>
>> To illustrate this I wrote the following article:
>> http://arjan-tijms.omnifaces.org/2015/04/how-java-ee-translates-webxml.html
>>
>> Hope this may be helpful.
>>
>> Kind regards,
>> Arjan Tijms
>>
>
>
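The two notions contrasted in the thread, a flat role check like `request.isUserInRole("editNewsletter")` sitting on top of a group-to-role mapping, versus a Shiro-style wildcard permission where a broader grant implies finer-grained ones, can be seen side by side in a small stand-alone Java program. This is an added illustration written for this page; it is not code from the thread, from Shiro or from the JSR 375 work. The `WildcardPermission` class below re-implements the documented matching rules of Shiro's class (parts split on `:`, alternatives on `,`, `*` matching anything, a shorter permission implying longer ones) rather than calling Shiro, and the group names, role names and permission strings are constructed sample data.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

public class PermissionHierarchyDemo {

    /**
     * Minimal wildcard permission modelled on the documented semantics of
     * Shiro's WildcardPermission (assumption: not Shiro's code, only its rules).
     * "newsletter:edit,view" means parts ["newsletter"], ["edit","view"].
     */
    static final class WildcardPermission {
        private final List<Set<String>> parts;

        WildcardPermission(String text) {
            parts = Arrays.stream(text.trim().split(":"))
                    .map(p -> new HashSet<>(Arrays.asList(p.split(","))))
                    .collect(Collectors.toList());
        }

        /** True when this (broader) permission covers the other (finer) one. */
        boolean implies(WildcardPermission other) {
            int i = 0;
            for (Set<String> otherPart : other.parts) {
                // Fewer parts on our side act as trailing wildcards: "newsletter" implies "newsletter:edit".
                if (i >= parts.size()) {
                    return true;
                }
                Set<String> part = parts.get(i);
                if (!part.contains("*") && !part.containsAll(otherPart)) {
                    return false;
                }
                i++;
            }
            // If we have more parts than the other, the leftovers must all be wildcards.
            for (; i < parts.size(); i++) {
                if (!parts.get(i).contains("*")) {
                    return false;
                }
            }
            return true;
        }
    }

    // Constructed sample data: the fixed two-level hierarchy the mail mentions
    // (group -> role), plus an extra role -> permission level for the wildcard case.
    static final Map<String, Set<String>> GROUP_TO_ROLES = Map.of(
            "marketing", Set.of("editNewsletter", "viewNewsletter"),
            "staff", Set.of("viewNewsletter"));

    static final Map<String, String> ROLE_TO_PERMISSION = Map.of(
            "editNewsletter", "newsletter:*",
            "viewNewsletter", "newsletter:view");

    /** Roles a caller holds, derived from the groups the identity store reported. */
    static Set<String> rolesFor(Set<String> groups) {
        Set<String> roles = new HashSet<>();
        for (String group : groups) {
            roles.addAll(GROUP_TO_ROLES.getOrDefault(group, Set.of()));
        }
        return roles;
    }

    /** Flat check, equivalent in spirit to HttpServletRequest.isUserInRole. */
    static boolean isUserInRole(Set<String> groups, String role) {
        return rolesFor(groups).contains(role);
    }

    /** Hierarchical check: any held role's permission may imply the requested one. */
    static boolean isPermitted(Set<String> groups, String requested) {
        WildcardPermission wanted = new WildcardPermission(requested);
        return rolesFor(groups).stream()
                .map(ROLE_TO_PERMISSION::get)
                .filter(p -> p != null)
                .anyMatch(p -> new WildcardPermission(p).implies(wanted));
    }

    public static void main(String[] args) {
        Set<String> marketing = Set.of("marketing");
        Set<String> staff = Set.of("staff");

        // Flat role check: fine-grained name, no hierarchy beyond group -> role.
        System.out.println(isUserInRole(marketing, "editNewsletter")); // true
        System.out.println(isUserInRole(staff, "editNewsletter"));     // false

        // Wildcard check: "newsletter:*" implies a permission never granted by name.
        System.out.println(isPermitted(marketing, "newsletter:edit:weekly")); // true
        System.out.println(isPermitted(staff, "newsletter:view"));            // true
        System.out.println(isPermitted(staff, "newsletter:edit"));            // false
    }
}
```

The point to take from running it: with only the group-to-role mapping, every fine-grained name (`editNewsletter`) still has to be granted explicitly, whereas the wildcard form lets one grant (`newsletter:*`) stand in for names the administrator never enumerated, which is exactly the "implied or inheritance" behaviour the thread asks whether the platform needs.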