Hello,

I would have liked to secure all methods in an object by implementing a voter that does “if the USERID parameter is present, and the principal does not have superuser role, then USERID must be equal to principal”. However, because the Method class only reifies the parameter types and not their names, one is forced to go by argument position, and it would be really bad to do the check for every method on argument #n blindly. So, one needs to go for the more verbose way of specifying a method definition source with entries for each method in the target class.

Now, ideally one could have some more complex configuration attributes than just a token string specifying some access, to allow for some comparisons to be specified just in XML without having to write custom voters. In my case, I could live with some more basic framework which does some basic parsing of the tokens with a determined pattern, much in the same style as the RoleVoter, for example, tokens that start with ARGUMENT_ and a number, e.g.: ARGUMENT_1_IS_PRINCIPAL. Then one could subclass such an abstract class and just implement the specific check that you want for the argument.

Fernando Mato Mira
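
A sketch of the abstract voter proposed in the message above, as an added example that is not part of the original post and is not Acegi Security code. It uses stand-in types instead of the framework's interfaces; the class names, the `ROLE_SUPERUSER` role name, the 1-based argument position and the deny-on-bad-position behaviour are assumptions.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration with stand-in types; this is not the Acegi Security API.
class ArgumentVoterDemo {
    public static void main(String[] unused) {
        AbstractArgumentVoter voter = new ArgumentIsPrincipalVoter();
        List<String> attrs = List.of("ROLE_USER", "ARGUMENT_1_IS_PRINCIPAL"); // constructed sample
        Object[] own = {"alice", "payload"}, other = {"bob", "payload"};
        System.out.println(voter.vote("alice", Set.of("ROLE_USER"), own, attrs));       // own id
        System.out.println(voter.vote("alice", Set.of("ROLE_USER"), other, attrs));     // someone else's id
        System.out.println(voter.vote("root", Set.of("ROLE_SUPERUSER"), other, attrs)); // superuser
        System.out.println(voter.vote("alice", Set.of("ROLE_USER"), own, List.of("ROLE_USER"))); // no token
    }
}

abstract class AbstractArgumentVoter {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;
    private static final Pattern TOKEN = Pattern.compile("ARGUMENT_(\\d{1,3})_(\\w+)");

    /** Token suffix this voter handles, e.g. "IS_PRINCIPAL". */
    abstract String suffix();
    /** The specific check a subclass applies to the selected argument. */
    abstract boolean check(Object argument, String principal, Set<String> roles);

    int vote(String principal, Set<String> roles, Object[] args, List<String> attributes) {
        int result = ABSTAIN; // stays ABSTAIN when no attribute is addressed to this voter
        for (String attr : attributes) {
            Matcher m = TOKEN.matcher(attr);
            if (!m.matches() || !m.group(2).equals(suffix())) continue; // not our token
            int index = Integer.parseInt(m.group(1)) - 1; // assumption: positions are 1-based
            // A position the method does not have is a configuration error: fail closed.
            if (index < 0 || index >= args.length) return DENIED;
            if (!check(args[index], principal, roles)) return DENIED;
            result = GRANTED;
        }
        return result;
    }
}

class ArgumentIsPrincipalVoter extends AbstractArgumentVoter {
    @Override String suffix() { return "IS_PRINCIPAL"; }
    @Override boolean check(Object argument, String principal, Set<String> roles) {
        if (roles.contains("ROLE_SUPERUSER")) return true; // hypothetical superuser role name
        return principal != null && principal.equals(argument);
    }
}
```

Because the position comes from the per-method attribute rather than being applied blindly to every method, a method whose signature changes needs its token updated, which is why an out-of-range position denies instead of abstaining.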