ACEGI already has a request filter built in. If you are using AppFuse 1.9.4, look in the security.xml file for the bean called "filterInvocationInterceptor" where you will find the mapping for the roles to URLs. ACEGI is powerfull and extensible - it should be able to meet most (if not all) your security requirements.
Mike. On 12/8/06, Nathan Anderson <[EMAIL PROTECTED]> wrote:
It sounds like what you want is a "permission filter". Something that will examine each request and either create a session scoped variable with that users permissions, or update it if it has changed in the DB. Then on your pages you just need to make sure users can only see data/options/etc that apply to the permissions they have. If this is what you want to do there is probably a number of ways to do it. My initial though was to create a request filter from scratch, but it may be worth a look at ACEGI to see if they already handle this problem. I'm guessing that they do because I know if you change your password in an ACEGI app, you need to log in again because your previous login became invalid. Nathan majaa majaa wrote: > Hello > I'm newbie at spring technology and appfuse. > In my application i have a table user, table groups and table > permission that contain id from user, id from groups and value of > permission. > When a user logs in, i read all permission to session and I check all > permission in filters. > I don't know where I should do this. Now I have it on first page which > I get after login. > But it isn't good solution. > Perhaps the best idea is to use proxy before I get to each page? How > should I do this? > Perhaps it is possible to do it with acegi (with parameters user, > groups (BUT during session i can change groups and th en i have > another permission to these pages -> dynamic permissions). > thanks for your help (in advance) > majaa > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
