- 15.1. Overview
- 15.2. Disabling Security
- 15.3. Authentication
- 15.4. Identity Management
- 15.5. Error Messages
- 15.6. Authorization
- 15.6.1. Core concepts
- 15.6.2. Securing components
- 15.6.3. Security in the user interface
- 15.6.4. Securing pages
- 15.6.5. Securing Entities
- 15.6.6. Typesafe Permission Annotations
- 15.6.7. Typesafe Role Annotations
- 15.6.8. The Permission Authorization Model
- 15.6.9. RuleBasedPermissionResolver
- 15.6.10. PersistentPermissionResolver
- 15.7. Permission Management
- 15.8. SSL Security
- 15.9. CAPTCHA
- 15.10. Security Events
- 15.11. Run As
- 15.12. Extending the Identity component
- 15.13. OpenID
The Seam Security API provides a multitude of security-related features for your Seam-based application, including:
- Authentication — an extensible, Java Authentication and Authorization Service (JAAS) based authentication layer that allows users to authenticate against any security provider.
- Identity Management — an API for managing the users and roles of a Seam application at runtime.
- Authorization — an extremely comprehensive authorization framework, supporting user roles, persistent and rule-based permissions, and a pluggable permission-resolver that makes it easy to implement customized security logic.
- Permission Management — a set of built-in Seam components that make it easy to manage an application's security policy.
- CAPTCHA support — to assist in the prevention of automated software/scripts abusing your Seam-based site.
This chapter covers each of these features in detail.