Hello,
I can't figure out how to make use of the security that comes with every
J2EE server, let's say for example WebSphere. You can define role-based permissions quite fine-grained at the method level. But does this really solve the problems in real-world applications?
Let's say we have to make an e-procurement application. How can I restrict people from buying products which cost over 500€, but at the same time allow managers to buy products over 500€?

    private static final double someValue = 500;

    // Dispatch to one of two methods so that each can be given its own role.
    if (total > someValue) {
        buyProductBiggerThenSomeValue();
    } else {
        buyProduct();
    }

Now, based on these 2 methods I could define roles; it would work and we would have the problem resolved.
But isn't that a bit too much effort for using container-managed security? Using JAAS security wouldn't be much more code, considering that you actually have to double the code of the method buyProduct().
Please comment on this.
Cheers,
max
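
One way to keep a single buyProduct() method, shown as an added example that is not part of the original post: the value-dependent rule is checked programmatically inside the method, in the style of the container's `EJBContext.isCallerInRole(String)`. The `CallerContext` interface is a stand-in for that container call so the code runs outside a server; the role names, class names and the use of `BigDecimal` are assumptions.

```java
import java.math.BigDecimal;
import java.util.Set;

public class ProcurementDemo {

    /** Stand-in (assumption) for javax.ejb.EJBContext#isCallerInRole(String). */
    interface CallerContext {
        boolean isCallerInRole(String roleName);
    }

    static final class ProcurementService {
        // Threshold from the post; the role name "manager" is an assumption.
        private static final BigDecimal LIMIT = new BigDecimal("500");
        private final CallerContext ctx;

        ProcurementService(CallerContext ctx) { this.ctx = ctx; }

        /**
         * Single purchase method. Declarative (deployment descriptor) security
         * still decides who may call it at all; the amount rule is enforced here.
         * The total must be computed on the server from the order lines,
         * never taken from a value the client submits.
         */
        String buyProduct(BigDecimal total) {
            if (total == null || total.signum() <= 0) {
                throw new IllegalArgumentException("total must be positive");
            }
            if (total.compareTo(LIMIT) > 0 && !ctx.isCallerInRole("manager")) {
                // Fail closed: no role, no large order.
                throw new SecurityException("orders over " + LIMIT + " require the manager role");
            }
            return "order accepted: " + total;
        }
    }

    public static void main(String[] args) {
        // Constructed callers for the demonstration.
        CallerContext employee = role -> Set.of("employee").contains(role);
        CallerContext manager = role -> Set.of("employee", "manager").contains(role);

        System.out.println(new ProcurementService(employee).buyProduct(new BigDecimal("120.00")));
        System.out.println(new ProcurementService(manager).buyProduct(new BigDecimal("900.00")));
        try {
            new ProcurementService(employee).buyProduct(new BigDecimal("900.00"));
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```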