Announcement Announcement Module
No announcement yet.
Factory that creates Acegi protected objects Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Factory that creates Acegi protected objects

    I have this sort of situation:

    interface Users {
    User getUserByID(String ID);

    Anyone should be able to execute this method. The User object returned should however be protected by acegi.

    In my UsersImpl I can not just do "return new UserImpl(ID)", since I can not intercept this.

    I believe the correct path is to have something like this in UsersImpl:

    return applicationContext.getBean("UserFactory").createUs er(ID);

    I can then use ProxyFactoryBean to proxy the UserFactory interface, and add my Security definition as an interceptor.

    But, referring to applicationContext from a POJO implementation feels wrong.

    Can someone please get me on the right track?

  • #2
    The Acegi Security reference manual has an "Access Control List" section which discusses the various approaches to this problem, and the respective advantages and disadvantages of each. If you have any further questions after reading this section, please feel free to ask.