15.7. Permission Management
Just as Seam Security provides an Identity Management API to let you manage users and roles, it also provides a Permissions Management API to let you manage persistent user permissions — the
PermissionManager component.
15.7.1. PermissionManager
The
PermissionManager component is an application-scoped Seam component that provides a number of permission-management methods. It must be configured with a permission store before use. By default, it will attempt to use JpaPermissionStore. To configure a custom permission store, specify the permission-store property in components.xml:
<security:permission-manager permission-store="#{ldapPermissionStore}"/>
The following table describes each of the methods provided by
PermissionManager:
|
Return type
|
Method
|
Description
|
|---|---|---|
List<Permission>
| listPermissions(Object target, String action)
|
Returns a list of
Permission objects representing all of the permissions that have been granted for the specified target and action.
|
List<Permission>
| listPermissions(Object target)
|
Returns a list of
Permission objects representing all of the permissions that have been granted for the specified target and action.
|
boolean
| grantPermission(Permission permission)
|
Persists (grants) the specified
Permission to the back-end permission store. Returns true if the operation succeeds.
|
boolean
| grantPermissions(List<Permission> permissions)
|
Persists (grants) the specified list of
Permissions to the back-end permission store. Returns true if the operation succeeds.
|
boolean
| revokePermission(Permission permission)
|
Removes (revokes) the specified
Permission from the back-end permission store. Returns true if the operation succeeds.
|
boolean
| revokePermissions(List<Permission> permissions)
|
Removes (revokes) the specified list of
Permissions from the back-end permission store. Returns true if the operation succeeds.
|
List<String>
| listAvailableActions(Object target)
|
Returns a list of the available actions for the specified target object. The actions that this method returns are dependent on the
@Permission annotations configured on the target object's class.
|
