Yes, we already thought
about distinct methods. However, is this possible with
Acegi? And if yes, does anyone have an example
configuration?
thanks,
John
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Rather than complicate things, you may just want to break the method
into 2: createBusinessAccount and createConsumerAccount since you
obviously have different business rules regarding them.
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Doody, John
Sent: Tuesday, April 26, 2005 5:01 PM
To: [EMAIL PROTECTED]
Subject: [Acegisecurity-developer] Securing methods to the parameter
level
I"m new to Acegi Security and I"m evaluating how it works and at the
moment I"m not finding a way to declare method-level security with
differing parameters. Is this possible with Acegi Security? To
attempt to make my question clearer, here is an XML snippet of what I"m
attempting:
<property name="objectDefinitionSource">
<value>
com.example.Service.createAccount(AccountType.BUSINESS)=ROLE_SUPER_USER
com.example.Service.createAccount(AccountType.CONSUMER)=ROLE_USER
</value>
</property>
I"ve got the same method which allows for different parameters. I don"t
want a principle with a ROLE_USER authority to access the method if they
attempt to create a business account with the following method call:
com.example.Service.createAccount(AccountType.BUSINESS)
Thank you for the help.
John
�
