If you use the approach from my previous reply, you can just use the SecurityContext (a threaded service, so it gets reset each request cycle) to lookup the currently logged in user in any other service. Or, you could place an AuthorizationInterceptor (which uses the SecurityContext) on your services which you want to "secure."
-----Original Message----- From: Chris Chiappone [mailto:[EMAIL PROTECTED] Sent: Thursday, February 23, 2006 11:21 AM To: Tapestry List Subject: Security in Services best practices Hi, I was wondering what the best approach would be when trying to set permissions for users of my application to access certain services. I currently have an export to file service that I only want a certain user role to be able to perform. Because the service is decoupled I am not sure how I can obtain the role that the logged in user has from my ASO into the service. Any help would be appreciated. -- ~chris --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
