Something that removes items from collections according to data
visibility constraints declaratively must be quite complex.
Presumably the collections are declared in a Spring-style context factory?
And then you would have to declare which property of the item provides
the IDs, and you also declare a set of IDs which each role has
visibility of? Can you provide an object reference in Acegi config with
a callable method that will return the IDs required?
Or am I wide of the mark here?
rgds
Adam

Laurie Harper on 20/11/05 23:38, wrote:
Actually, Acegi does offer what Raghu was looking for (or at least one
possible route to achieving it). One of the things it can do is
automatically filter collections to remove items the current user
shouldn't be allowed to see, so you don't have to bury that kind of
business logic in your database. Since it lets you do this
declaratively, it's easy to change with changing business requirements.
L.

Adam Hardy wrote:
Hi Raghu, Laurie,
I did a project recently which used the Acegi security project which
comes bundled with Spring, and although I was never involved in the
implementation of it myself, I heard that it was effective.
Am I correct in assuming though that it does not offer the alternative
that Raghu was looking for, despite the fact that he (you) seems very
positive about it?
I can't see how such a security requirement can be implemented in any
other way than via the database. It is simply a question of data
visibility, in other words, who the data is visible to and to whom it
is not visible. The best you can do as far as I can see is to optimise
the caching, especially if the relationships are relatively stable.
Or is this perhaps a pattern that I am not aware of?
Adam

Raghu Kanchustambham on 20/11/05 16:50, wrote:
On the first cut this looks like authentication/authorization for Spring
framework. Do I need to get Struts to co-exist with Spring for this to
work?
And how much of an effort would that be?
But yes... this looks like quite a powerful and neat concept.
Thanks for referring it.
Regards,
Raghu