I use Enums with String values persisted with JPA (@Enumerated(String))
in my permissions table.

So for instance I'd have:

enum Printer {   // Java keyword is lower-case "enum"
  QUERY,
  CLEAR,
  QUEUE_JOB
}

And then in my code I'd just:

if (SecurityUtils.getSubject().isPermitted(Printer.QUERY)) {   // closing paren was missing
  // do something
}

It's quite simple actually, and it works with compile-time validation.
Actually, that's why I implemented it this way. The only drawback here
is that you should provide some smart UI for an administrator to easily
define permissions this way.

Cheers,
PP

On 5/20/12 8:51 PM, John Moore wrote:
> I'm using wildcard permissions in a Grails application I'm working on,
> and there is something which has been bothering me in terms of code
> robustness, so I'm interested in hearing how others deal with this - it
> may not be a problem at all. The question is this - if we're using
> simple strings, with no compile time checking, what can we do to avoid
> problems from mistyping permissions? That is, when you test in your
> application whether the subject has permission to do something, e.g.,
> 
> if (SecurityUtils.getSubject().isPermitted("printer:query:lp7200")) {   // closing paren was missing
>   //do something
> }
> 
> how do you know that what you are checking for is a valid
> permission? For example, the user may actually have been assigned the
> permission "printing:query:lp7200" (i.e., "printing" not "printer"), so
> this test would return false. It strikes me as something of a potential
> minefield for errors. Is there some good way of making sure checked-for
> permissions match assigned permissions? Or is this just something you
> have to put lots of testing code in for?

-- 
Paulo Pires
Ubiwhere
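One way to build the enum approach PP describes so that it also covers per-instance checks like John's "printer:query:lp7200". This is an added example, not code from the thread; the Shiro classes (SecurityUtils, Permission, WildcardPermission) are real, the enum layout, wildcard strings and method names are my own assumptions.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.WildcardPermission;

/**
 * Type-safe permission constants (assumed design). The constant name (QUERY,
 * CLEAR, ...) is what @Enumerated(EnumType.STRING) writes to the permissions
 * table; the wildcard string is what Shiro actually matches. Mistyping either
 * one is now a compile error rather than a silently failing isPermitted().
 *
 * The enum deliberately does NOT implement Permission itself:
 * WildcardPermission.implies() returns false for any argument that is not a
 * WildcardPermission, so a realm's granted permissions would never match it.
 * Instead each constant hands out a real WildcardPermission.
 */
public enum Printer {
    QUERY("printer:query"),
    CLEAR("printer:clear"),
    QUEUE_JOB("printer:queue-job");

    private final String wildcard;

    Printer(String wildcard) {
        this.wildcard = wildcard;
    }

    /** Permission for the action on every printer, e.g. "printer:query". */
    public Permission onAnyPrinter() {
        return new WildcardPermission(wildcard);
    }

    /** Permission for the action on one printer, e.g. "printer:query:lp7200". */
    public Permission on(String printerId) {
        return new WildcardPermission(wildcard + ":" + printerId);
    }

    /** Maps a name read back from the table ("QUERY") to Shiro's string form. */
    public static String toShiroString(String storedName) {
        // valueOf() throws on an unknown name, so a corrupted row fails loudly
        return valueOf(storedName).wildcard;
    }

    /** Compile-time-checked replacement for isPermitted("printer:query:lp7200"). */
    public static boolean isPermitted(Printer action, String printerId) {
        return SecurityUtils.getSubject().isPermitted(action.on(printerId));
    }
}
```

In the realm, convert each stored row with toShiroString() before handing it to Shiro, so the assigned side and the checked side are derived from the same constants.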
