1

I am creating an application using Seam 3 and CDI. I started with an example for the security part, like this:

public @ConversationScoped class UserAction {
  public @Admin void deleteUser(String userId) {
    // code
  }
}

It works. If my user has the admin role, then he has access. But how can I implement a situation where the user may have one rule or the other? For example: if my user is @Admin or @Student he can access this, but if he is a @Teacher he cannot.

Thanks.

Kelly

Kelly Goedert

1 Answer

0

I think you need to create your own authorizer method which does the specific role checks you need:

import org.jboss.seam.security.Identity;
import org.jboss.seam.security.annotations.Secures;

public class Restrictions {
  // Authorizer for the @Admin security binding annotation.
  public @Secures @Admin boolean isAdmin(Identity identity) {
    // Here, you would put in logic for "if my user is
    //     @Admin or @Student he can access this, but
    //     if he is a @Teacher he cannot" instead.
    return identity.hasRole("admin", "USERS", "GROUP");
  }
}

bzlm
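
The authorizer suggested in the answer above, written out in full as an added example (not the answerer's code and not part of Seam). The `@AdminOrStudent` annotation and the role names "student" and "teacher" are hypothetical, the group "USERS" and group type "GROUP" are copied from the answer's `hasRole` call, and denying a user who holds the teacher role alongside another role is an assumption about the intended rule.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import org.jboss.seam.security.Identity;
import org.jboss.seam.security.annotations.Secures;
import org.jboss.seam.security.annotations.SecurityBindingType;

// Hypothetical binding annotation, kept in this file for brevity.
// Move it to its own file and make it public to use it from other packages.
@SecurityBindingType
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@interface AdminOrStudent {}

public class Restrictions {
  // Group name and group type as used in the answer's hasRole call.
  private static final String GROUP = "USERS";
  private static final String GROUP_TYPE = "GROUP";

  // Seam Security runs this authorizer before any method annotated with
  // @AdminOrStudent; when it returns false the call is rejected.
  public @Secures @AdminOrStudent boolean isAdminOrStudent(Identity identity) {
    // Fail closed: without an authenticated identity there is no access.
    if (identity == null || !identity.isLoggedIn()) {
      return false;
    }
    // Assumption: the teacher role is an explicit deny that wins over
    // any allowed role the same user also holds.
    if (hasRole(identity, "teacher")) {
      return false;
    }
    // Either allowed role is sufficient.
    return hasRole(identity, "admin") || hasRole(identity, "student");
  }

  private static boolean hasRole(Identity identity, String role) {
    return identity.hasRole(role, GROUP, GROUP_TYPE);
  }
}
```

With this in place, `deleteUser` in the question would carry `@AdminOrStudent` instead of `@Admin`, so the combined rule is evaluated in one authorizer rather than spread across several annotations.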