Has any thought been given to adding instance-based security support to Acegi?
This seems to be a common requirement.  Basically, what I mean by this is 
that you can apply security constraints (hopefully in a declarative fashion) 
to an object class with rules that are capable of discriminating on instance 
data.  As an example, say you have an Employee object with a salary property.  
Only some roles should be allowed to view the salary.  And only some roles 
should be able to view any information related to a CEO Employee.

As an implementation example, I have recently had to implement something 
similar to this, and I did so by applying aspects to my service instances.  
As DTOs enter and leave a service, my aspect would inspect the various object 
instances and apply the declarative security constraints.  In our case, it 
was even more involved, as we needed the ability to actually modify the DTO: 
if a property was "off limits", then its value would be replaced with a 
secured value.  This way, when the DTO is transmitted to a client (via a web 
service), the sensitive information will not be sent across the wire.  Such 
security constraints also had the ability to enforce data operations: create, 
read, update, delete.  So, for example, I could say that a role can read the 
salary field, but not be allowed to change the salary field.  We also 
provided a mechanism whereby a client can ask for a "security map" of an 
instance (or a class, for more general cases), so that it can know what 
security constraints are in effect for a particular object.  This is useful 
to dynamically alter a UI based on what is allowed on an instance.

Thoughts, comments?

  - Andy
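
The approach described in the message above, as an added example that is not part of the original post and does not use Acegi's API: per-field rules that discriminate on role and on instance data, masking of a DTO as it leaves a service, and a per-instance security map. The Employee DTO, the role names, the rule set and the "[secured]" placeholder are assumptions made for illustration.

```java
import java.util.*;
import java.util.function.Predicate;

// Added example: every name here is hypothetical, none of it is Acegi API.
public class InstanceSecurityDemo {
    enum Op { CREATE, READ, UPDATE, DELETE }
    record Employee(String name, String title, Integer salary) {}   // constructed DTO
    // Declarative rule: on instances matching appliesTo, only these roles may perform ops on field.
    record Rule(String field, Set<Op> ops, Set<String> roles, Predicate<Employee> appliesTo) {}

    static final List<Rule> RULES = List.of(
        new Rule("salary", EnumSet.of(Op.READ), Set.of("HR", "BOARD"), e -> true),
        new Rule("salary", EnumSet.of(Op.CREATE, Op.UPDATE, Op.DELETE), Set.of("BOARD"), e -> true),
        // Instance-dependent: anything about a CEO is readable by BOARD only.
        new Rule("*", EnumSet.of(Op.READ), Set.of("BOARD"), e -> "CEO".equals(e.title())));

    // Every applicable rule must admit one of the caller's roles; fields with no rule are unrestricted.
    static boolean allowed(Employee e, String field, Op op, Set<String> roles) {
        return RULES.stream()
            .filter(r -> r.ops().contains(op) && (r.field().equals(field) || r.field().equals("*")))
            .filter(r -> r.appliesTo().test(e))
            .allMatch(r -> !Collections.disjoint(r.roles(), roles));
    }

    // What the aspect does as a DTO leaves the service: swap off-limits values for a secured value.
    static Employee secure(Employee e, Set<String> roles) {
        return new Employee(
            allowed(e, "name", Op.READ, roles) ? e.name() : "[secured]",
            allowed(e, "title", Op.READ, roles) ? e.title() : "[secured]",
            allowed(e, "salary", Op.READ, roles) ? e.salary() : null);
    }

    // The "security map": operations this caller may perform on each field of this instance.
    static Map<String, Set<Op>> securityMap(Employee e, Set<String> roles) {
        Map<String, Set<Op>> map = new LinkedHashMap<>();
        for (String field : List.of("name", "title", "salary")) {
            Set<Op> ops = EnumSet.noneOf(Op.class);
            for (Op op : Op.values()) if (allowed(e, field, op, roles)) ops.add(op);
            map.put(field, ops);
        }
        return map;
    }

    public static void main(String[] args) {
        Employee clerk = new Employee("Pat", "Clerk", 50000), ceo = new Employee("Sam", "CEO", 900000);
        System.out.println(secure(clerk, Set.of("HR")));
        System.out.println(secure(ceo, Set.of("HR")));
        System.out.println(securityMap(clerk, Set.of("HR")));
    }
}
```

The rules are always evaluated against the original instance, so masking the title of a CEO record does not change which rules apply to its other fields.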


_______________________________________________
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
