Recall that with J2EE security, you are basically setting constraints on
resources that would otherwise be served freely. In our case, those resources are methods of
classes that we are remoting via DWR.
The way this container-managed security works is that you first create a role. This
theoretically maps to a particular type of user; think of something like regular users vs. administrative
users, for example. You then list a given user and tell that user what role or collection
CHAPTER 5 n SHARE YOUR KNOWLEDGE: DWIKI, THE DWR-BASED WIKI 199
2. Piers Morgan is one of three judges on the NBC show America??™s Got Talent.Many people say he??™s the
Simon Cowell rip-off judge (Simon being the acerbic, yet seemingly always right, judge on American
Idol). Yeah, OK, I admit, this particular pop-culture reference is a bit of a stretch!
of rules he or she belongs to. When you actually constrain a resource, say, for instance, you
only want administrative users to be able to access any URL beginning with /admin, you tell
the container that only users who are in a given role can access those URLs. You do not list
individual users, you list roles.
So, it all begins with listing the roles and users.
Pages:
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374