[Jboss-dev-forums] [Design of Mail Services] - Re: new thoughts on security and mailbox structure

[mikezzz <nu...@jb...>]

Perhaps annotated aspect to that contains a description the type of access to a folder (read, write).  And an interface 'Securable' which has the methods for getting a list of roles for this object.

public class Folder implement Securable {
  | 
  |     @Secured (access="read")
  |     public void getMessage {...}
  | }
  | 
  | public class SecurityAspect {
  | 
  |    public void isAllowed() {
  |        Securable sc = (Securable) getCurrentObject();
  |        String access = metaData.get("access");
  |        if (sc.getRoleSet(access).retainAll(currentUser.getRoleSet()).size() > 0) {
  |           // Ok.
  |        }
  |        else {
  |             throw new SecurityException("Bad person doing bad things");
  |        }
  |     }
  | }

We would define a join point for Security Aspects to be bound to methods annotated with @Secured.

One of the things that I was thinking about related to folders is that it would be nice to be able to address any entity in JBMail using a path e.g. my inbox could be addressed as '/{domain}/mail/folders/mike/INBOX'.  Mostly this would help REST and CalDAV should we decide to implement these and provide a uniform interface to any object in the system.  Perhaps we could have the concept of "mounting" a module.  It would require a common contract for all modules that contain entities.  Just an idea, probably overkill.


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3886888#3886888

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3886888