...

When the conversion to the new design is complete, the SecurityFactory and other classes will be updated to use the AuthorizationManager interface instead of the Security abstract class. Developers will be able to write their own AuthorizationManager implementations that are backed by third party authorization software (LDAP, Active Directory, etc).

Another approach would be to refactor the existing security classes so the Security abstract class is converted to an interface, and have the OFBizSecurity class implement the interface. The Authorization Manager methods would be added to the Security interface, and the existing methods would be deprecated. This would make the conversion more backward-compatible with existing installations. \[I refactored the security classes on my local copy, and it works fine. I can commit those changes if there are no objections. -Adrian\]

Access Control Scenarios

1. User X can use Artifact Y for anything that artifact supports and on any data (where "artifact" is a screen, web page, part of a screen or page, service, general logic, etc). Details

...