On 13-04-2009 at 02:34, Samuel Santos wrote:
> I use StripesSecurityFilter [2] since Stripes 1.4.2, but lately all I see
> about Stripes security is related to the SecurityInterceptor from
> Stripes-Stuff. By only looking at its page [3] it's not clear to me what the
> real advantages over the ACL solution are. Can someone enlighten me please?
When you're using role based security, there's no reason to switch.
The real advantage starts when you have instance based security, and you
don't want to create roles like "readAllDossiers", "readMyDossiers",
"readOrganizationDossiers", etc.
In the latter case, the security interceptor from Stripes-Stuff allows you to
implement any access control check you like, or use a spinoff from the J2EE
EJB security annotations, like this:
@RolesAllowed({"manager", "employee if dossier.manager==currentUser"})
Oscar
--
,-_ Oscar Westra van holthe - Kind http://www.xs4all.nl/~kindop/
/() )
(__ ( No trees were killed in the creation of this message. However,
=/ () many electrons were terribly inconvenienced.
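
The difference between role-based and instance-based checks described in the reply above, as an added example in plain Java. It is not part of the original message and does not use the Stripes or Stripes-Stuff API; the types `User`, `Dossier` and `Rule` and the method `mayRead` are constructed for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.function.BiPredicate;

public class InstanceBasedAccessDemo {
    // Constructed domain types, not taken from Stripes or Stripes-Stuff.
    record User(String name, Set<String> roles) {}
    record Dossier(String id, User manager) {}

    // One rule = a role plus an optional condition on the instance being accessed.
    record Rule(String role, BiPredicate<User, Dossier> condition) {
        static Rule role(String role) { return new Rule(role, (u, d) -> true); }
        static Rule roleIf(String role, BiPredicate<User, Dossier> c) { return new Rule(role, c); }

        boolean permits(User user, Dossier dossier) {
            return user != null && user.roles().contains(role) && condition.test(user, dossier);
        }
    }

    // Models the two entries: "manager", "employee if dossier.manager==currentUser".
    // A single "employee" role suffices; no readMyDossiers-style role per scope.
    static final List<Rule> READ_DOSSIER = List.of(
        Rule.role("manager"),
        Rule.roleIf("employee", (u, d) -> d != null && u.equals(d.manager())));

    // Deny by default: access needs at least one matching rule.
    static boolean mayRead(User user, Dossier dossier) {
        return READ_DOSSIER.stream().anyMatch(r -> r.permits(user, dossier));
    }

    public static void main(String[] args) {
        User alice = new User("alice", Set.of("employee"));
        User bob = new User("bob", Set.of("employee"));
        User carol = new User("carol", Set.of("manager"));
        Dossier dossier = new Dossier("D-1", alice); // constructed sample data

        System.out.println(mayRead(alice, dossier)); // employee who manages this dossier
        System.out.println(mayRead(bob, dossier));   // employee, but not this dossier's manager
        System.out.println(mayRead(carol, dossier)); // manager role, no instance condition
        System.out.println(mayRead(null, dossier));  // unauthenticated caller
    }
}
```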
_______________________________________________
Stripes-users mailing list
https://lists.sourceforge.net/lists/listinfo/stripes-users