  • Authorizing Custom Roles in .jsp Page

    Hey All,

    I've got an ITEM_OWNED_BY_CURRENT_USER role voter, and I'd like to display a delete submit button in the item's details page if the current user owns the item. How do I get Acegi to check for this role from <authz:authorize ifAllGranted="ITEM_OWNED_BY_CURRENT_USER"> and display the button?

    Thanks,
    James

  • #2
    Oh yeah, I'm also up for any other suggestions on how to do this besides the above tag.

    Thanks,
    James



    • #3
      Hello James,

      Simply put the button inside the authz:authorize tag, like this:
      Code:
      <authz:authorize ifAllGranted="ITEM_OWNED_BY_CURRENT_USER">
      <button name="delete" .../>
      </authz:authorize>
      If your question is how to add this role to the current user, then I must let someone else respond, as I don't have enough experience with Acegi Security.

      Hope that helps!
      François



      • #4
        Francois answered the taglib question well (he wrote the taglib after all!) :-)

        As for adding roles to principals, you need to modify your backend authentication repository (i.e. what your AuthenticationDao fronts) yourself. Acegi Security provides no mechanism to change the roles in the authentication repository.



        • #5
          Hi James:

          Not sure if this helps, but, we use Acegi's ACL features to control this sort of access. When a new domain object is created, the service facade transparently gives the current user sufficient permission to view/edit/delete/administer the newly created object.

          Then we use the authz:acl tag to correctly display the delete tag where appropriate:
          Code:
          <%-- must have delete privilege to delete --%>
          <authz:acl domainObject="${someObject}" hasPermission="16">
             <a href="deleteSomeObject?someObject=<c:out value='${someObject.id}'/>">Delete</a>
          </authz:acl>
          Acegi's ACL is really great for this, because it allows for easily creating sophisticated permission hierarchies and access logic.

          HTH,

          Dave
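
The pattern described in post #5, as an added example that is not part of the thread and does not use Acegi's own classes: a service facade grants the creator a permission mask, and the delete action re-checks the same bit the JSP tag tests, because the tag only controls what is rendered. The mask value 16 for delete comes from the post; the class and method names, the other bit values and the sample users are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class ItemAclDemo {
    // 16 is the delete mask used in the post; the other bit values are assumptions.
    static final int ADMINISTER = 1, READ = 2, WRITE = 4, DELETE = 16;

    // Constructed in-memory stores: "objectId|principal" -> permission mask, id -> item.
    private final Map<String, Integer> acl = new HashMap<>();
    private final Map<Long, String> items = new HashMap<>();
    private long nextId = 1;

    private static String key(long id, String principal) { return id + "|" + principal; }

    // Service facade: the creator is granted full rights on the new object.
    public long create(String principal, String name) {
        long id = nextId++;
        items.put(id, name);
        acl.put(key(id, principal), ADMINISTER | READ | WRITE | DELETE);
        return id;
    }

    // Every bit of 'required' must be present in the stored mask.
    public boolean isPermitted(String principal, long id, int required) {
        int mask = acl.getOrDefault(key(id, principal), 0);
        return (mask & required) == required;
    }

    // The delete action repeats the check the view used to decide on the link.
    public void delete(String principal, long id) {
        if (!isPermitted(principal, id, DELETE)) {
            throw new SecurityException("delete denied for " + principal + " on item " + id);
        }
        items.remove(id);
        acl.keySet().removeIf(k -> k.startsWith(id + "|"));
    }

    public static void main(String[] args) {
        ItemAclDemo svc = new ItemAclDemo();
        long id = svc.create("james", "sample item");
        System.out.println("james sees Delete link: " + svc.isPermitted("james", id, DELETE));
        System.out.println("dave sees Delete link:  " + svc.isPermitted("dave", id, DELETE));
        try {
            svc.delete("dave", id); // hiding the link does not stop a direct request
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        svc.delete("james", id);
        System.out.println("item still present: " + svc.items.containsKey(id));
    }
}
```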



          • #6
            Hey Dreed,

            Yes, this certainly helps. Thank you very much! I'll let you know if I have any further questions.

            Take care,
            James
