Hello,

 

  I would have liked to secure all methods in an object by implementing a voter that does “if the USERID parameter is present, and the principal does not have superuser role, then USERID must be equal to principal”.

  However, because the Method class only reifies the parameter types and not their names, one is forced to go by argument position, and it would be really bad to do the check for every method on argument #n blindly.

  So, one needs to go for the more verbose way of specifying a method definition source with entries for each method in the target class.

  Now, ideally one could have some more complex configuration attributes than just a token string specifying some access, to allow for some comparisons to be specified just in XML without having to write custom voters.

  In my case, I could live with some more basic framework which does some basic parsing of the tokens with a determined pattern, much in the same style as the RoleVoter, for example, tokens that start with ARGUMENT_ and a number, e.g.: ARGUMENT_1_IS_PRINCIPAL.

  Then one could subclass such an abstract class and just implement the specific check that you want for the argument.

 

Fernando Mato Mira
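
The abstract token-parsing voter proposed in the message above, as an added example that is not from the original post or from any framework: it parses `ARGUMENT_<n>_<CHECK>` attributes, abstains on everything else, and leaves the check to a subclass. All types and names are hypothetical stand-ins (principal as a `String`, roles as a `Set<String>`, the role name `ROLE_SUPERUSER`, vote values 1/0/-1), and it assumes Java 9+ for `List.of`.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; every type and name here is hypothetical, not a framework API.
abstract class ArgumentVoter {
    static final int GRANTED = 1, ABSTAIN = 0, DENIED = -1;
    private static final Pattern TOKEN = Pattern.compile("ARGUMENT_(\\d{1,3})_(\\w+)");

    // Check names this voter understands, e.g. "IS_PRINCIPAL".
    protected abstract boolean supportsCheck(String check);

    // The specific check a subclass implements for one argument.
    protected abstract boolean check(String check, Object arg, String principal, Set<String> roles);

    int vote(String principal, Set<String> roles, Object[] args, List<String> attributes) {
        int result = ABSTAIN;
        for (String attr : attributes) {
            Matcher m = TOKEN.matcher(attr);
            if (!m.matches() || !supportsCheck(m.group(2))) continue; // not ours: abstain
            int pos = Integer.parseInt(m.group(1));                   // 1-based position
            // A token pointing outside the argument list is a misconfiguration: fail closed.
            if (pos < 1 || pos > args.length) return DENIED;
            if (!check(m.group(2), args[pos - 1], principal, roles)) return DENIED;
            result = GRANTED;
        }
        return result;
    }
}

class PrincipalArgumentVoter extends ArgumentVoter {
    protected boolean supportsCheck(String check) { return "IS_PRINCIPAL".equals(check); }

    protected boolean check(String check, Object arg, String principal, Set<String> roles) {
        // Superusers may act on any user id; everyone else only on their own.
        return roles.contains("ROLE_SUPERUSER") || principal.equals(arg);
    }
}

public class Demo {
    public static void main(String[] argv) {
        ArgumentVoter v = new PrincipalArgumentVoter();
        List<String> attrs = List.of("ROLE_USER", "ARGUMENT_1_IS_PRINCIPAL"); // constructed
        System.out.println(v.vote("alice", Set.of("ROLE_USER"), new Object[]{"alice", 42}, attrs));
        System.out.println(v.vote("alice", Set.of("ROLE_USER"), new Object[]{"bob", 42}, attrs));
        System.out.println(v.vote("root", Set.of("ROLE_SUPERUSER"), new Object[]{"bob", 42}, attrs));
    }
}
```

Because the position lives in the per-method attribute, the check only runs on methods whose entry names an argument, which avoids testing argument #n blindly on every method.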

 
