11.4. Group-Based Access Control
GBAC allows you to perform authorization based on the groups defined for a user. PicketLink provides a specific annotation for this; you only need to specify the group name.
@GroupsAllowed("Managers")
public void approveTimesheet() {
    // only users from the group "Managers" are allowed to access this method
}
The @GroupsAllowed annotation can also be used on types. In this case, all bean methods are protected:
@GroupsAllowed("Managers")
public class Timesheet {
}
You can also define multiple groups if you want to:
@GroupsAllowed({"Marketing", "Human Resources"})