
  • Acegi Usage Scenario

    Hello All,

    I'm a newbie with Acegi. Now I need to implement some Security API for a third-party Spring-based framework without any framework modifications. This third-party framework is aimed at servicing a hierarchy of objects. This hierarchy is very similar to an ordinary file system: there are folder-like objects and file-like objects within folders, both mounted to the object tree.
    And the admin should be able to restrict access to some "folders" and "files" by an XML config like the following:
    Code:
    ....
    <object type="folder">
        <path>/folder1/</path>
        <grant>
            <user>user1</user>
            <permission>
                <action>read</action>
                <action>edit</action>
            </permission>
        </grant>
    </object>
    ....
    <object type="file">
        <path>/folder1/file1.file</path>
        <grant>
            <user>user1</user>
            <permission>
                <action>read</action>
                <action>delete</action>
            </permission>
        </grant>
    </object>
    Some of these actions can be mapped to the exact methods of the exact classes; others are abstract and exist just for checking.
    Some actions should be checked before invocation; others, which return a list of objects, should be checked after invocation, and the returned result should be filtered if needed.
    Can somebody advise me whether such an API can be implemented using Acegi and, if yes, suggest some usage scenario?

    Best Regards,
    Alex

  • #2
    Pretty much you are trying to express ACL information inside an ApplicationContext instead of inside a database as per JdbcDaoSupport. You therefore need to write a custom implementation of BasicAclDao which uses a PropertyEditor (or some other mechanism) to configure the ACL information inside the BasicAclDao.

    Another approach might be to use the standard JdbcDaoSupport, but focus on providing an in-memory database that represents the ACL information. The in-memory database can be configured via a bean. See sample.contact.DataSourcePopulator for a guide. You'd just need a property editor that reflected your ACL details. eg:

    Code:
    <bean id="myInMemoryDataSource" class="foo.com.DataSourceFromXml">
      <property name="acls">
        <value>
          /=ROLE_ADMINISTRATOR:admin
          /foo/=scott:write
          /foo/foo.txt=marissa:read,write;ROLE_EVERYONE:none
        </value>
      </property>
    </bean>
    This would depend on your Folder and Filter domain objects providing a getId() method that returns their pathname which is consistent with the values used by your in-memory data source.

    Hope this gives some ideas on handling it.

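Added example, not part of the original posts and not Acegi code: a property editor for the `acls` text format shown in reply #2, built only on the JDK's `java.beans.PropertyEditorSupport`. The class name `AclTextEditor`, the resulting map shape, and the reading of `none` as an explicit empty permission set are assumptions made for illustration.

```java
import java.beans.PropertyEditorSupport;
import java.util.*;

// Hypothetical editor: parses "path=recipient:perm,perm;recipient:perm" lines
// into Map<path, Map<recipient, Set<permission>>>. Not an Acegi class.
public class AclTextEditor extends PropertyEditorSupport {

    @Override
    public void setAsText(String text) {
        Map<String, Map<String, Set<String>>> acls = new LinkedHashMap<>();
        for (String raw : text.split("\\r?\\n")) {
            String line = raw.trim();
            if (line.isEmpty()) continue;
            int eq = line.indexOf('=');
            // Fail closed: a malformed line aborts configuration instead of being skipped.
            if (eq <= 0 || !line.startsWith("/"))
                throw new IllegalArgumentException("Bad ACL line: " + line);
            String path = line.substring(0, eq).trim();
            Map<String, Set<String>> grants = new LinkedHashMap<>();
            for (String entry : line.substring(eq + 1).split(";")) {
                String[] parts = entry.trim().split(":");
                if (parts.length != 2 || parts[0].trim().isEmpty())
                    throw new IllegalArgumentException("Bad ACL entry: " + entry);
                Set<String> perms = new LinkedHashSet<>();
                for (String p : parts[1].split(",", -1)) {
                    String perm = p.trim();
                    if (perm.isEmpty())
                        throw new IllegalArgumentException("Empty permission in: " + entry);
                    // Assumption: "none" records the recipient with no permissions.
                    if (!perm.equals("none")) perms.add(perm);
                }
                // A repeated recipient or path is ambiguous, so reject it.
                if (grants.put(parts[0].trim(), perms) != null)
                    throw new IllegalArgumentException("Duplicate recipient in: " + line);
            }
            if (acls.put(path, grants) != null)
                throw new IllegalArgumentException("Duplicate path: " + path);
        }
        setValue(acls);
    }

    public static void main(String[] args) {
        AclTextEditor ed = new AclTextEditor();
        // Constructed sample with the same shape as the <value> in reply #2.
        ed.setAsText("/=ROLE_ADMINISTRATOR:admin\n/foo/=scott:write\n"
                + "/foo/foo.txt=marissa:read,write;ROLE_EVERYONE:none");
        System.out.println(ed.getValue());
    }
}
```

The keys of the outer map are the same pathnames the reply expects the domain objects' getId() to return, so a lookup that finds no entry for a path or recipient should be treated as no access.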