users@jersey.java.net

RESTful Authorization design advice

From: Ersin Er <ersin.er_at_gmail.com>
Date: Sun, 28 Mar 2010 14:20:44 +0300

Hi,

In my application there are two types of users, let's simply call them USER
and ADMIN. Some service methods (resources) can be accessed by both roles
but they are expected to behave differently according to the role of the
actual user. For example, ADMIN users can see all items in a list, while
USER users can see only items that belong to them. If I annotate such a
method with @RolesAllowed({ "ADMIN", "USER" }) then I need to do further
checks in the method (via isUserInRole()) to distinguish between the roles.
As an alternative I can introduce a new container like /admin and serve all
administrative methods over this one to only ADMIN users. In this case the
same resources are being accessed via more than one entry point which I do
not feel very comfortable with, with respect to RESTful design principles.

How would you design your application in such a case? (Well, it's not that
much an interesting case. Just wanna get your ideas on the subject.)

Thanks.

-- 
Ersin
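The first alternative described in the message (one resource URI annotated for both roles, with the role-dependent filtering done inside the method against the container-authenticated principal), written out as an added JAX-RS example that is not from the original post. The Item type, its owner field and the in-memory STORE are assumptions standing in for the application's real data.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;

// Hypothetical item type with an owner field (assumption, not from the post).
class Item {
    public final String id;
    public final String owner;
    Item(String id, String owner) { this.id = id; this.owner = owner; }
}

@Path("/items")
public class ItemResource {
    // Constructed sample data standing in for a real store.
    private static final List<Item> STORE = Arrays.asList(
        new Item("1", "alice"), new Item("2", "bob"), new Item("3", "alice"));

    // A single entry point for both roles. @RolesAllowed is the coarse gate:
    // callers outside these roles are rejected before the method runs.
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @RolesAllowed({ "ADMIN", "USER" })
    public List<Item> list(@Context SecurityContext sc) {
        return visibleTo(sc, STORE);
    }

    // The fine-grained, data-dependent rule lives in one place, so there is no
    // second URL whose filtering could drift out of sync: ADMIN sees all items,
    // USER sees only its own. Identity comes from the principal the container
    // authenticated, never from a query parameter the client controls.
    static List<Item> visibleTo(SecurityContext sc, List<Item> all) {
        if (sc.isUserInRole("ADMIN")) {
            return all;
        }
        String caller = sc.getUserPrincipal().getName();
        List<Item> own = new ArrayList<Item>();
        for (Item i : all) {
            if (caller.equals(i.owner)) {
                own.add(i);
            }
        }
        return own;
    }
}
```

In Jersey 1.x the @RolesAllowed annotation is only enforced when RolesAllowedResourceFilterFactory is registered as a resource filter; without it the annotation is silently ignored and only the in-method isUserInRole() check stands between the roles.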