We did something very similar, only chose a more verbose route. We created a "SuperiorVoter" that can inspect a parameter, determine the owner of that parameter (object), and then only allow the owner or the owner's superior through. We chose this syntax: OWNER_OR_SUPERIOR_OF(PARAM_IDX=#) - Here is an example: com.marathon.workflow.Workflow.getWorkItemsForUser=OWNER_OR_SUPERIOR_OF(PARAM_IDX=0)
- Andy On Thursday 04 August 2005 05:56 am, [EMAIL PROTECTED] wrote: > Hello, > > > > I would have liked to secure all methods in an object by implementing > a voter that does > > "if the USERID parameter is present, and the principal does not have > superuser role, then > > USERID must be equal to principal". > > However, because the Method class only reifies the parameter types and > not their names, > > one if forced to go by argument position, and it would be really bad to > do the check for every method > > on argument #n blindly. > > So, one needs to go for a the more verbose way of specifying a method > definition source with entries for > > each method in the target class. > > Now, ideally one could have some more complex configuration attributes > that just a token string specifying some access, > > to allow for some comparisons to be specified just in XML without having > to write custom voters. > > In my case, I could live with some more basic framework which does > some basic parsing of the tokens with a determined pattern, > > much in the same style as the RoleVoter, for example, tokens that start > with ARGUMENT_ and a number, eg: > > ARGUMENT_1_IS_PRINCIPAL. > > Then one could subclass such an abstract class and just implement the > specific check that you want for the argument. > > > > Fernando Mato Mira ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
