Frank W. Zammetti wrote: > I.e., you want /showAccount.do accessible to the AccountManager and Customer > roles, but you only want /updateAccount.do accessible to the AccountManager > role? As I understand it, you would have something like /accountResource.do, > and dispatch to a particular method... how could I secure one but not the > other based on role? >
Acegi, other, or hand-rolled method- (or object- or...) -based role processing. Before I knew about Acegi (or anything else, really :/ I handled things like that through base classes. Even with a single-URI dispatch-style codebase the action code is pretty tight with well-injected service classes. Command handlers can also be injected, making for nice, small source files (ahhhhhh) with low complexity metrics. Although I must inform folks that I just worked on a 350-line Action with a cyclometric complexity of 36... Pity me... hurry... length isn't everything. Er... Dave --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
