You got it right. Voters are real simple
to write and any complex security will necessitate them. In the voter you have
access to the method parameters and can decide if the user should be authorized
or not. From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Doody, John I'm a newby to Acegi Security, so your patience is
appreciated. It sounds like your recommendation is to write my own
"voter". I understand this will implement AccessDecisionVoter
interface just like the RoleVoter class. I'm looking for a
recommended approach, it doesn't necessarily have to be the declarative
approach. However, creating an implementation of AccessDecisionVoter will
require some coding, but considering what Acegi Security offers, this may be
reasonable. Any other techniques are welcome.
|
Title: Message