FYI - A post from my blog. I incorrectly used UnanimousBased voting and needed to dig into the ACEGI source code to find my problem. Therefore, I blogged in the hope that someone else might not make the same mistake.
---------- Forwarded message ---------- From: David Medinets <[EMAIL PROTECTED]> Date: Oct 25, 2005 10:38 AM Subject: [CodeBits] ACEGI: An Example of When to Use AffirmativeBased (instead of UnanimousBased) Voting when Controlling Access to Methods To: [EMAIL PROTECTED] [http://acegisecurity.sourceforge.net/] In this example I have a simple interface, defined below, which needs role-based access control. public interface IBean { Workers and Managers can get the value. public String getValue(); Only Managers can set the value. public void setValue(String _value); } The access control is specified via a security interceptor like this: <bean id='securityInterceptor' class='...MethodSecurityInterceptor'> ... <property name='objectDefinitionSource'> <value> com.affy.IBean.getValue=ROLE_WORKER,ROLE_MANAGER com.affy.IBean.setValue=ROLE_MANAGER </value> </property> </bean> Since the the getValue method has more than one role associated with it, the type of voter used as the accessDecisionManager bean is important. If you choose UnanimousBased then the user must have both ROLE_WORKER and ROLE_MANAGER roles which is probably not what your security officer wants. Using the AffirmativeBased voter means that the user only needs one of the roles to be able to execute the getValue method. -- Posted by David Medinets to CodeBits at 10/25/2005 10:37:00 AM ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
