The security module

This module will enable the use of the annotations provided by the jsr250 as the security demarcation.

it will be a very simple implementation, not a full blown seecurity framework. There is already some code written, but it is in very early stage of development.

What is already working

  • if you put the roles your current user have in the currentUserRoles bean (it is a Set<String>)
  • you an use the @RolesAllowed to define which groups can run a method
  • you can use the @DenyAll to only allow inner calls to a method (I did not get the point of this annotation)
  • and you can use the @PermitAll to enable the use of a method
  • the hierarchi of the permissions is: Package, Class, Method this means if you define a security in the method, it will overwrite the class and package annotations