I'm a newbie to Acegi Security, so your patience is appreciated. It sounds like your recommendation is to write my own "voter". I understand this will implement the AccessDecisionVoter interface just like the RoleVoter class. I'm looking for a recommended approach; it doesn't necessarily have to be the declarative approach. However, creating an implementation of AccessDecisionVoter will require some coding, but considering what Acegi Security offers, this may be reasonable. Any other techniques are welcome.

Thanks,
John
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

You can check your method parameters in a voter, so yes you can do this. But I don't know of a way to do it declaratively like you have posted.
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doody, John
Sent: Wednesday, April 27, 2005 7:53 AM
To: [EMAIL PROTECTED]
Subject: [Acegisecurity-developer] RE: Securing methods to the parameter level

Yes, we already thought about distinct methods. However, is this possible with Acegi? And if yes, does anyone have an example configuration?

thanks,
John
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

Rather than complicate things, you may just want to break the method into 2: createBusinessAccount and createConsumerAccount since you obviously have different business rules regarding them.
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doody, John
Sent: Tuesday, April 26, 2005 5:01 PM
To: [EMAIL PROTECTED]
Subject: [Acegisecurity-developer] Securing methods to the parameter level

I'm new to Acegi Security and I'm evaluating how it works and at the moment I'm not finding a way to declare method-level security with differing parameters. Is this possible with Acegi Security? To attempt to make my question clearer, here is an XML snippet of what I'm attempting:

    <property name="objectDefinitionSource">
      <value>
        com.example.Service.createAccount(AccountType.BUSINESS)=ROLE_SUPER_USER
        com.example.Service.createAccount(AccountType.CONSUMER)=ROLE_USER
      </value>
    </property>

I've got the same method which allows for different parameters. I don't want a principal with a ROLE_USER authority to access the method if they attempt to create a business account with the following method call:

    com.example.Service.createAccount(AccountType.BUSINESS)

Thank you for the help.
John
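
________________________________
The voter approach discussed in this thread, sketched as an added example that is not code from any of the posters or from the Acegi project. It assumes the net.sf.acegisecurity package names of the Acegi releases current at the time of the thread, a hypothetical marker attribute ACCOUNT_TYPE_CHECK configured as com.example.Service.createAccount=ACCOUNT_TYPE_CHECK in objectDefinitionSource, and a hypothetical com.example.AccountType class whose first-argument value selects the required role.

```java
import java.util.Iterator;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.vote.AccessDecisionVoter;
import org.aopalliance.intercept.MethodInvocation;
import com.example.AccountType; // hypothetical type taken from the thread's snippet

// Added example: votes on createAccount() based on its AccountType argument.
public class AccountTypeVoter implements AccessDecisionVoter {
    // Hypothetical marker attribute; methods configured with it get the parameter check.
    private static final String MARKER = "ACCOUNT_TYPE_CHECK";

    public boolean supports(ConfigAttribute attribute) {
        return MARKER.equals(attribute.getAttribute());
    }

    public boolean supports(Class clazz) {
        return MethodInvocation.class.isAssignableFrom(clazz);
    }

    public int vote(Authentication authentication, Object object,
                    ConfigAttributeDefinition config) {
        boolean marked = false;
        for (Iterator it = config.getConfigAttributes(); it.hasNext();) {
            if (supports((ConfigAttribute) it.next())) { marked = true; }
        }
        if (!marked) { return ACCESS_ABSTAIN; } // not a method this voter guards

        Object[] args = ((MethodInvocation) object).getArguments();
        if (args == null || args.length == 0) { return ACCESS_DENIED; } // fail closed

        // Role mapping as stated in the original question.
        String required;
        if (AccountType.BUSINESS.equals(args[0])) { required = "ROLE_SUPER_USER"; }
        else if (AccountType.CONSUMER.equals(args[0])) { required = "ROLE_USER"; }
        else { return ACCESS_DENIED; } // null or unknown account type: fail closed

        GrantedAuthority[] granted = authentication.getAuthorities();
        for (int i = 0; granted != null && i < granted.length; i++) {
            if (required.equals(granted[i].getAuthority())) { return ACCESS_GRANTED; }
        }
        return ACCESS_DENIED;
    }
}
```

The voter is registered in the decisionVoters list of the access decision manager used by the method security interceptor; RoleVoter abstains on the marker because it does not start with ROLE_.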