Ben,

Thank you very much for the explanation. Just another possible solution
occurred to me:

1) to define "ask" functions like this in secured beans:

public boolean canModify(MyBean obj) {
  return true;
}
public boolean canInsert() {
  return true;
}

2) apply to those functions the required roles in the
MethodSecurityInterceptor definition

sample.contact.ContactManager.save=CONTACT_OWNED_BY_CURRENT_USER
sample.contact.ContactManager.canModify=CONTACT_OWNED_BY_CURRENT_USER

3) then those functions can be safely called, because in case of granted
access they will return true and will not perform any action, and in case of
denied access they will throw an exception:

try {
  myService.canModify(myBean);
  // access granted code
} catch (AccessDeniedException ex) {
  // access denied code
}

Karel


----- Original Message ----- 
From: "Ben Alex" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 12:01 AM
Subject: RE: [Acegisecurity-developer] how can GUI ask if an operation will
be permited or not?


> > Is there an easy way how can the GUI ask a secured bean if an
> > operation will be permitted or not? Because according to the
> > result it will allow logged user to for example modify some
> > items or show them read only.
> > Do I have to implement the same access logic (as in voters)
> > again in my GUI looking at user's GrantedAuthorities and some
> > properties of object I'm working with?
>
> In my current Swing project, most GUI Actions have their own ROLE_. That way
> a login screen at startup can ask for the username and password, then
> perform a simple checkPassword operation on the server. It is just a simple
> secure business method which returns the GrantedAuthority[]. An exception
> indicates credentials problems, whilst success indicates the
> roles/permissions/authorities the user has. The GUI is then configured so
> only those GUI Actions which the user holds a granted authority for are made
> visible. This keeps it reasonably simple, but this might not be appropriate
> for your application.
>
> > It would be nice to ask the appropriate
> > accessDesisionManager, but where to get the
> > ConfigAttributeDefinition which is defined in the interceptor....
>
> If you like you can define your ConfigAttributeDefinition separately from
> the MethodSecurityInterceptor. Use the same approach as is used for Commons
> Attributes, as illustrated by the Attributes sample application and section
> 1.4.2 of the reference documentation.
>
> Best regards
> Ben
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: GNOME Foundation
> Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
> GNOME Users and Developers European Conference, 28-30th June in Norway
> http://2004/guadec.org
> _______________________________________________
> Acegisecurity-developer mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>
>
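
The "ask" method pattern from the message above, as an added example that is not code from the thread or from Acegi Security. A java.lang.reflect.Proxy stands in for the MethodSecurityInterceptor, a local AccessDeniedException for the framework's exception, and a predicate for the CONTACT_OWNED_BY_CURRENT_USER attribute; the class name ProbeDemo, the helpers secure and mayModify, and the user names are hypothetical. It assumes Java 16 or later.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Map;
import java.util.function.BiPredicate;
public class ProbeDemo {
    // Local stand-in for the framework's AccessDeniedException (assumption).
    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }
    record Contact(String owner) {}
    interface ContactManager {
        void save(Contact c);
        boolean canModify(Contact c); // "ask" method: no side effects
    }
    static class ContactManagerImpl implements ContactManager {
        public void save(Contact c) { System.out.println("saved contact of " + c.owner()); }
        public boolean canModify(Contact c) { return true; }
    }
    // Stand-in for the interceptor: one rule table guards the probe and the real method.
    static ContactManager secure(ContactManager target, String user,
                                 Map<String, BiPredicate<String, Object[]>> rules) {
        InvocationHandler h = (proxy, method, args) -> {
            BiPredicate<String, Object[]> rule = rules.get(method.getName());
            // Fail closed: a method with no rule is denied, not allowed.
            if (rule == null || !rule.test(user, args))
                throw new AccessDeniedException(user + " denied on " + method.getName());
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return (ContactManager) Proxy.newProxyInstance(
            ContactManager.class.getClassLoader(), new Class<?>[] {ContactManager.class}, h);
    }
    // GUI-side helper: turns the probe's exception into a boolean for enabling widgets.
    static boolean mayModify(ContactManager m, Contact c) {
        try { return m.canModify(c); } catch (AccessDeniedException ex) { return false; }
    }
    public static void main(String[] argv) {
        BiPredicate<String, Object[]> ownedByCurrentUser = (user, args) ->
            args != null && args.length == 1 && args[0] instanceof Contact c && c.owner().equals(user);
        // Constructed sample data: the same rule is bound to save and to canModify.
        var rules = Map.of("save", ownedByCurrentUser, "canModify", ownedByCurrentUser);
        ContactManager m = secure(new ContactManagerImpl(), "karel", rules);
        Contact mine = new Contact("karel"), other = new Contact("ben");
        System.out.println("edit enabled (mine):  " + mayModify(m, mine));
        System.out.println("edit enabled (other): " + mayModify(m, other));
        try { m.save(other); }
        catch (AccessDeniedException ex) { System.out.println("save still enforced: " + ex.getMessage()); }
    }
}
```

The probe only drives what the GUI shows; save stays behind the same rule, so a client that skips the probe is still refused.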



