Announcement Announcement Module
No announcement yet.
Use of ACL Voters in the FilterSecurityInterceptor Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Use of ACL Voters in the FilterSecurityInterceptor

    Hey All,

    Is there a way to get the FilterSecurityInterceptor that gets plugged into SecurityEnforcementFilter to accept ACL voting?

    I've tried plugging an ACL voter in as a decisionVoter inside of the accessDecisionManager of the SecurityEnforcementFilter, but this doesn't ork - there is no way it knows what object I'm testing against.

    I'm mainly trying to give access of a display url to a given user if that person is the owner of that display's object. Has anyone gotten anything like this to work?


  • #2
    SecurityEnforcementFilter delegates to FilterSecurityInterceptor, against which a FilterInvocationDefinitionMap is defined. The 'secure object' type being used is FilterInvocation.

    Your AccessDecisionVoters can be wired against an AccessDecisionManager concrete implementation that is in turn wired against FilterSecurityInterceptor. Such voters would support the FilterInvocation secure object type, and be able to cast to that object and access its properties.

    Having said that, if you're mainly interested in having a web UI display content based on a principal's ACL permissions or roles, you'd be better off using the taglibs. See