Julien was mentioning that it would be nice to have security checks made against the construction of portal resources like Page, Window etc.
So for example, when the portal core calls
| Window window = new WindowImpl();
| Page page = new PageImpl();
a check should be made to see if the user has the permissions for the construction of portal resources.
There is no requirement to use a java security manager for this.
1) Use AOP to incorporate a security aspect. (Julien's idea)
2) Use the concept of Security Proxy available in the JBossSX layer against EJB invocations.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3920452#3920452
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3920452