Announcement Announcement Module
No announcement yet.
syntax for MethodDefinitionSource Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • syntax for MethodDefinitionSource

    I'm integrating acegi into an existing application. So far so good!

    My question is about the allowable syntax for MethodDeinitionSource. My goal is to specify some constant values for a parameter and have the MethodSecurityInterceptor only triggered if the the actual invocation matches the constant value.

    More specifically, I'd like to have a method

    Object findyById(int id, int mask)

    If the caller is going to modify the returned object, they can use

    Object myObject = findById(id, SimpleAclEntry.WRITE)

    which would trigger the MethodSecurityInterceptor and use an after-invocation manager to verify that the user has appropriate authorization.

    Where can I find the specific syntax that MethodDefinitionSource supports?



  • #2
    You'll need to author a custom AccessDecisionVoter which looks at your second argument. Aside from that, it would be largely the same as your BasicAclEntryVoter.

    The most elegant way of dealing with the situation would be to leave getById(int id) as secured by BasicAclEntryVoter, with standard SimpleAclEntry.READ permissions. Then have a (possibly second services layer bean) method called canWrite(Object), canDelete(Object), canAdminister(Object) etc. It's thus very flexibile and you keep configuration in XML. The methods would return void, as an AccessDeniedException would be caused by BasicAclEntryVoter if the required permission was not held.