15.7. Permission Management

Just as Seam Security provides an Identity Management API to let you manage users and roles, it also provides a Permissions Management API to let you manage persistent user permissions — the PermissionManager component.

15.7.1. PermissionManager

The PermissionManager component is an application-scoped Seam component that provides a number of permission-management methods. It must be configured with a permission store before use. By default, it will attempt to use JpaPermissionStore. To configure a custom permission store, specify the permission-store property in components.xml: 
 
<security:permission-manager permission-store="#{ldapPermissionStore}"/>
The following table describes each of the methods provided by PermissionManager:

Table 15.11. PermissionManager API methods

Return type
Method
Description
List<Permission>
listPermissions(Object target, String action)
Returns a list of Permission objects representing all of the permissions that have been granted for the specified target and action.
List<Permission>
listPermissions(Object target)
Returns a list of Permission objects representing all of the permissions that have been granted for the specified target and action.
boolean
grantPermission(Permission permission)
Persists (grants) the specified Permission to the back-end permission store. Returns true if the operation succeeds.
boolean
grantPermissions(List<Permission> permissions)
Persists (grants) the specified list of Permissions to the back-end permission store. Returns true if the operation succeeds.
boolean
revokePermission(Permission permission)
Removes (revokes) the specified Permission from the back-end permission store. Returns true if the operation succeeds.
boolean
revokePermissions(List<Permission> permissions)
Removes (revokes) the specified list of Permissions from the back-end permission store. Returns true if the operation succeeds.
List<String>
listAvailableActions(Object target)
Returns a list of the available actions for the specified target object. The actions that this method returns are dependent on the @Permission annotations configured on the target object's class.