The security module
This module will enable the use of the annotations provided by the jsr250 as the security demarcation.
it will be a very simple implementation, not a full blown seecurity framework. There is already some code written, but it is in very early stage of development.
What is already working
- if you put the roles your current user have in the currentUserRoles bean (it is a Set<String>)
- you an use the @RolesAllowed to define which groups can run a method
- you can use the @DenyAll to only allow inner calls to a method (I did not get the point of this annotation)
- and you can use the @PermitAll to enable the use of a method
-
the hierarchi of the permissions is: Package, Class, Method this means if you define a security in the method, it will overwrite the class and
package annotations