Les,
Could you develop this answer? It got me curious, but I don't feel I
quite understand what you meant with
The Permission instances themselves can also be represented as an Enum
(Permission.OPEN_FILE == new FilePermission(FileAction.OPEN));
Cheers,
PP
On 21/05/12 19:27, Les Hazlewood wrote:
> Paulo's solution is probably the best if you want to be type-safe and
> still use WildcardPermission strings.
>
> But don't forget that these strings are convenience notations for
> actual Permission instances (WildcardPermission). If you want to be
> fully type-safe with all the OO features you might need, you can
> implement the Permission interface directly:
>
> UserPermission
> PrinterPermission
> FilePermission
> etc
> etc
>
> and have type-safe actions as enums:
>
> public enum FileAction {
> OPEN,
> DELETE,
> APPEND,
> ...
> }
>
> new FilePermission(FileAction.DELETE);
>
> The Permission instances themselves can also be represented as an Enum
> (Permission.OPEN_FILE == new FilePermission(FileAction.OPEN));
>
> Aside from having a nice concrete set of type-safe behaviors (great
> for compile-time error checking, etc), the other big benefit of this
> approach is speed - these implementations will naturally be faster
> than something based on String tokenizing/parsing. This can be a big
> deal if you have a lot of permissions and/or a lot of permission
> checks.
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com | 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog: http://www.stormpath.com/blog
>
> On Sun, May 20, 2012 at 12:51 PM, John Moore <[email protected]> wrote:
>> I'm using wildcard permissions in a Grails application I'm working on, and
>> there is something which has been bothering me in terms of code robustness,
>> so I'm interested in hearing how others deal with this - it may not be a
>> problem at all. The question is this - if we're using simple strings, with
>> no compile time checking, what can we do to avoid problems from mistyping
>> permissions? That is, when you test in your application whether the subject
>> has permission to do something, e.g.,
>>
>> if ( SecurityUtils.getSubject().isPermitted("printer:query:lp7200") {
>> //do something
>> }
>>
>> how do you know that that what you are checking for is a valid permission?
>> For example, the user may actually have been assigned the permission
>> "printing:query:lp7200" (i.e., "printing" not "printer"), so this test would
>> return false. It strikes me as something of a potential minefield for
>> errors. Is there some good way of making sure checked-for permissions match
>> assigned permissions? Or is this just something you have to put lots of
>> testing code in for?
--
Paulo Pires
