Trustin Lee wrote:
Do we need accessControlEnabled property here? Can user just insert or remove AuthorizationService?
That's more of a configuration pain. Adding and removing the Authz service can cause more errors and user needs to remember package/class name etc. This way users can toggle true/false property to control one or more authz services.
Plus as touched on above one or more Authz service may be in use. We may have in one service for rule-based-access-control and another for basic-access-control etc.
Alex
