Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
15.6.8. The Permission Authorization Model
				Seam Security provides an extensible framework for resolving application permissions. The following class diagram shows an overview of the main components of the permission framework:
			
				The relevant classes are explained in more detail in the following sections.
			
15.6.8.1. PermissionResolver
Link kopierenLink in die Zwischenablage kopiert!
					An interface that provides methods for resolving individual object permissions. Seam provides the following built-in 
PermissionResolver implementations, which are described in greater detail later in the chapter:
				- RuleBasedPermissionResolver— Resolves rule-based permission checks with Drools.
- PersistentPermissionResolver— Stores object permissions in a permanent store, such as a relational database.
15.6.8.1.1. Writing your own PermissionResolver
Link kopierenLink in die Zwischenablage kopiert!
						Implementing your own permission resolver is simple. The 
PermissionResolver interface defines two methods that must be implemented, as seen in the following table. If your PermissionResolver is deployed in your Seam project, it will be scanned automatically during deployment and registered with the default ResolverChain.
					| 
										Return type
									 | 
										Method
									 | 
										Description
									 | 
|---|---|---|
| boolean | hasPermission(Object target, String action) | 
										This method resolves whether the currently authenticated user (obtained via a call to  Identity.getPrincipal()) has the permission specified by thetargetandactionparameters. It returnstrueif the user has the specified permission, orfalseif they do not. | 
| void | filterSetByAction(Set<Object> targets, String action) | 
										This method removes any objects from the specified set that would return  trueif passed to thehasPermission()method with the sameactionparameter value. | 
Note
							Because they are cached in the user's session, any custom 
PermissionResolver implementations must adhere to several restrictions. Firstly, they cannot contain any state that is more fine-grained than the session scope, and the component itself should be either application- or session-scoped. Secondly, they must not use dependency injection, as they may be accessed from multiple threads simultaneously. For optimal performance, we recommend annotating with @BypassInterceptors to bypass Seam's interceptor stack altogether.
						