11.3. Role-Based Access Control
RBAC allows you to perform authorization based on the roles granted to a user. For that, PicketLink provides a specific annotation; you only need to specify the role name.
    @RolesAllowed("Administrator")
    public void shutdown() {
        // only users granted this role can access this method
    }
The @RolesAllowed annotation can also be used on types. In this case, all bean methods are protected:
    @RolesAllowed("Administrator")
    public class MyBean {
        // every method of this bean now requires the Administrator role
    }
You can also define multiple roles if you want to:
@RolesAllowed({"Sales", "Financial"})
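The following is an added example, not taken from the PicketLink documentation, that puts the three forms above into one picture: a method-level guard, a type-level guard, and the IDM calls that actually create the role and grant it to an account. The class and method names (MaintenanceService, AuditService, RoleSetup, Roles) are invented, and the imports assume the PicketLink 2.6 package names.

```java
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;

import org.picketlink.authorization.annotations.RolesAllowed;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.Role;
import org.picketlink.idm.model.basic.User;

// Role names shared by the grant code and the guards, so a typo cannot silently
// create a role that nobody is ever granted. (Hypothetical helper, not PicketLink's.)
final class Roles {
    static final String ADMIN = "Administrator";
    static final String SALES = "Sales";
    static final String FINANCIAL = "Financial";
    private Roles() {}
}

@RequestScoped
public class MaintenanceService {
    // Method-level guard: only callers holding the Administrator role get in.
    @RolesAllowed(Roles.ADMIN)
    public void shutdown() { /* privileged operation */ }

    // More than one role on a single method, as in the last snippet above.
    @RolesAllowed({Roles.SALES, Roles.FINANCIAL})
    public void closeQuarter() { /* privileged operation */ }

    // No annotation: not protected by RBAC at all. Review such methods deliberately.
    public String status() { return "running"; }
}

// Type-level guard: every method of this bean requires the Administrator role.
@RolesAllowed(Roles.ADMIN)
@RequestScoped
class AuditService {
    public void exportLog() { /* privileged operation */ }
}

// Where the role comes from: create it (once) and grant it to an existing user.
@RequestScoped
class RoleSetup {
    @Inject private PartitionManager partitionManager;

    public void grantAdministrator(String loginName) {
        IdentityManager identityManager = partitionManager.createIdentityManager();
        RelationshipManager relationshipManager = partitionManager.createRelationshipManager();
        Role admin = BasicModel.getRole(identityManager, Roles.ADMIN);
        if (admin == null) { admin = new Role(Roles.ADMIN); identityManager.add(admin); }
        User user = BasicModel.getUser(identityManager, loginName);
        BasicModel.grantRole(relationshipManager, user, admin);   // Grant relationship
    }
}
```

The check is applied by a CDI interceptor, so it only runs on calls that go through the bean's proxy; a method of MaintenanceService calling shutdown() directly on `this` bypasses it. Put each class in its own source file in a real project.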