Title: Message

You got it right.  Voters are real simple to write and any complex security will necessitate them.  In the voter you have access to the method parameters and can decide if the user should be authorized or not.

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doody, John
Sent: Wednesday, April 27, 2005 10:30 AM
To: acegisecurity-developer@lists.sourceforge.net
Subject: [Acegisecurity-developer] RE: RE: RE: RE: Securing methods to the parameter

 

I'm a newbie to Acegi Security, so your patience is appreciated.  It sounds like your recommendation is to write my own "voter".  I understand this will implement the AccessDecisionVoter interface just like the RoleVoter class.   I'm looking for a recommended approach, it doesn't necessarily have to be the declarative approach.  However, creating an implementation of AccessDecisionVoter will require some coding, but considering what Acegi Security offers, this may be reasonable.  Any other techniques are welcome.

Thanks,

John

 

 ________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf

You can check your method parameters in a voter, so yes you can do this.
 But I don't know of a way to do it declaratively like you have posted.
 
  
 
 ________________________________
 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf
 Of Doody, John
 Sent: Wednesday, April 27, 2005 7:53 AM
 To: [EMAIL PROTECTED]
 Subject: [Acegisecurity-developer] RE: Securing methods to the parameter
 level
 
  
 
 Yes, we already thought about distinct methods.   However, is this
 possible with Acegi?  And if yes, does anyone have an example
 configuration?
 
  
 
 thanks,
 
 John 
 
  
 
  ________________________________
 
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf
 
  Rather than complicate things, you may just want to break the method
  into 2: createBusinessAccount and createConsumerAccount since you
  obviously have different business rules regarding them.
  
   
  
  ________________________________
  
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf
  Of Doody, John
  Sent: Tuesday, April 26, 2005 5:01 PM
  To: [EMAIL PROTECTED]
  Subject: [Acegisecurity-developer] Securing methods to the parameter
  level
  
   
  
  I'm new to Acegi Security and I'm evaluating how it works and at the
  moment I'm not finding a way to declare method-level security with
  differing parameters.  Is this possible with Acegi Security?   To
  attempt to make my question clearer, here is an XML snippet of what I'm
  attempting:
  
   
  
  <property name="objectDefinitionSource">
      <value>
          com.example.Service.createAccount(AccountType.BUSINESS)=ROLE_SUPER_USER
          com.example.Service.createAccount(AccountType.CONSUMER)=ROLE_USER
      </value>
  </property>
  
   
  
  I've got the same method which allows for different parameters.  I don't
  want a principal with a ROLE_USER authority to access the method if they
  attempt to create a business account with the following method call:
  
   
  
         com.example.Service.createAccount(AccountType.BUSINESS)
  
   
  
  Thank you for the help.
  
  John
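
The voter approach recommended in this thread, sketched as an added example (not code from the thread or from the Acegi project). Assumptions: the `net.sf.acegisecurity` package names of the 2005-era releases, `AccountType` living in `com.example`, and a hypothetical marker attribute `ACCOUNT_TYPE_CHECK` configured as `com.example.Service.createAccount=ACCOUNT_TYPE_CHECK`.

```java
import java.util.Iterator;

import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.aopalliance.intercept.MethodInvocation;

import com.example.AccountType; // assumed package for the thread's AccountType

public class AccountTypeVoter implements AccessDecisionVoter {
    // Hypothetical marker attribute: put it on createAccount instead of a role.
    private static final String MARKER = "ACCOUNT_TYPE_CHECK";

    public boolean supports(ConfigAttribute attribute) {
        return MARKER.equals(attribute.getAttribute());
    }

    public boolean supports(Class clazz) {
        // Only method invocations carry the arguments this voter inspects.
        return MethodInvocation.class.isAssignableFrom(clazz);
    }

    public int vote(Authentication authentication, Object object,
                    ConfigAttributeDefinition config) {
        boolean applies = false;
        for (Iterator it = config.getConfigAttributes(); it.hasNext();) {
            if (supports((ConfigAttribute) it.next())) applies = true;
        }
        if (!applies) return ACCESS_ABSTAIN; // not our method: defer to other voters

        Object[] args = ((MethodInvocation) object).getArguments();
        String required;
        if (args.length > 0 && AccountType.BUSINESS.equals(args[0])) {
            required = "ROLE_SUPER_USER";
        } else if (args.length > 0 && AccountType.CONSUMER.equals(args[0])) {
            required = "ROLE_USER";
        } else {
            return ACCESS_DENIED; // null, missing or unknown account type: fail closed
        }
        GrantedAuthority[] granted = authentication.getAuthorities();
        for (int i = 0; granted != null && i < granted.length; i++) {
            if (required.equals(granted[i].getAuthority())) return ACCESS_GRANTED;
        }
        return ACCESS_DENIED;
    }
}
```

The voter only takes effect once it is added to the voter list of the access decision manager used by the method security interceptor.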

 
