We use home grown Authentication system and database tables for Authorization. Here is the Situation we are in:
Domain Object : Address Block We have business rule which states check User/Group Privileges on Address Block before Create, Update, Delete IpAddress. User/Group Privileges on Address Block are retrieved from database table using HQL named query. This is done inside a method "checkAddressBlockPrivileges" Target: As we may have more domain objects like Address Block, we want to move away from writing methods Proposal: We are thinking to delegate the job of checking user/group privileges to Proxy, using something like Spring AOP. As we are naive to the world of AOP, any pointers/suggestions on how to architecture/design will be highly appreciated PS: We use Spring Transaction Proxy configured in Spring XML file -- View this message in context: http://www.nabble.com/Object-Level-Security-tp17700453p17700453.html Sent from the MyFaces - Users mailing list archive at Nabble.com.
