I see I implemented the PrincipalArgumentVoter class without introducing
any intermediate abstracting class, so maybe some abstraction would
indeed be useful, at least for homogenization of the syntaxes.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Depue
Sent: Friday, August 05, 2005 6:12 PM
To: acegisecurity-developer@lists.sourceforge.net
Subject: Re: [Acegisecurity-developer] missing voting facilities?

We did something very similar, only chose a more verbose route.  We
created a "SuperiorVoter" that can inspect a parameter, determine the
owner of that parameter (object), and then only allow the owner or the
owner's superior through.  We chose this syntax:
OWNER_OR_SUPERIOR_OF(PARAM_IDX=#) - Here is an example:

com.marathon.workflow.Workflow.getWorkItemsForUser=OWNER_OR_SUPERIOR_OF(PARAM_IDX=0)

  - Andy

On Thursday 04 August 2005 05:56 am, [EMAIL PROTECTED] wrote:
> Hello,
>
>   I would have liked to secure all methods in an object by implementing
> a voter that does
>
> "if the USERID parameter is present, and the principal does not have
> superuser role, then USERID must be equal to principal".
>
>   However, because the Method class only reifies the parameter types and
> not their names, one is forced to go by argument position, and it would
> be really bad to do the check for every method on argument #n blindly.
>
>   So, one needs to go for the more verbose way of specifying a method
> definition source with entries for each method in the target class.
>
>   Now, ideally one could have some more complex configuration attributes
> than just a token string specifying some access, to allow for some
> comparisons to be specified just in XML without having to write custom
> voters.
>
>   In my case, I could live with some more basic framework which does
> some basic parsing of the tokens with a determined pattern, much in the
> same style as the RoleVoter, for example, tokens that start with
> ARGUMENT_ and a number, e.g.:
>
> ARGUMENT_1_IS_PRINCIPAL.
>
>   Then one could subclass such an abstract class and just implement the
> specific check that you want for the argument.
>
> Fernando Mato Mira


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle
Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing &
QA
Security * Process Improvement & Measurement *
http://www.sqe.com/bsce5sf
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
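
An added example, not part of the original thread and not Acegi Security code: a standalone sketch of the argument-position check discussed above, parsing ARGUMENT_<n>_IS_PRINCIPAL tokens and denying when the token points past the argument list. The Vote enum, the ROLE_SUPERUSER role name, the class and method names, and the zero-based index (as in PARAM_IDX=0) are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Standalone sketch; it does not implement Acegi's voter interface.
public class ArgumentIsPrincipalVoter {
    enum Vote { GRANTED, ABSTAIN, DENIED }          // hypothetical result type

    // Token shape proposed in the thread: ARGUMENT_<n>_IS_PRINCIPAL
    private static final Pattern TOKEN = Pattern.compile("ARGUMENT_(\\d+)_IS_PRINCIPAL");
    private static final String SUPERUSER = "ROLE_SUPERUSER"; // assumed role name

    // attrs: configuration attributes declared for the invoked method
    // args:  the actual arguments of the secured invocation
    static Vote vote(String principal, Set<String> roles, List<String> attrs, Object[] args) {
        Vote result = Vote.ABSTAIN;
        for (String attr : attrs) {
            Matcher m = TOKEN.matcher(attr);
            if (!m.matches()) continue;              // not our token: other voters decide
            if (roles.contains(SUPERUSER)) return Vote.GRANTED;
            int idx;
            try {
                idx = Integer.parseInt(m.group(1));  // assumed zero-based, like PARAM_IDX=0
            } catch (NumberFormatException e) {
                return Vote.DENIED;                  // absurdly large index: fail closed
            }
            // An index past the argument list is a configuration error: fail closed
            if (idx >= args.length) return Vote.DENIED;
            // A null or non-matching argument never equals the principal
            if (principal == null || !principal.equals(args[idx])) return Vote.DENIED;
            result = Vote.GRANTED;
        }
        return result;
    }

    public static void main(String[] unused) {
        // Constructed sample data
        List<String> attrs = List.of("ARGUMENT_0_IS_PRINCIPAL");
        Set<String> user = Set.of("ROLE_USER");
        Set<String> admin = Set.of("ROLE_SUPERUSER");
        System.out.println(vote("alice", user, attrs, new Object[] {"alice"}));
        System.out.println(vote("alice", user, attrs, new Object[] {"bob"}));
        System.out.println(vote("root", admin, attrs, new Object[] {"bob"}));
        System.out.println(vote("alice", user, attrs, new Object[] {}));
        System.out.println(vote("alice", user, List.of("ROLE_USER"), new Object[] {"bob"}));
    }
}
```

Because the token is bound per method rather than applied to argument #n everywhere, a method whose attributes carry no ARGUMENT_ token yields an abstain and is left to the other voters.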

