Hi,

I'm currently investigating using Acegi for the security of my Spring-based
app and what I see so far seems very flexible and well thought out. Congrats to
the dev team!

I'd like to ask for feedback about the best strategy to implement my
authorization requirements. Indeed I need to give access to some domain
objects depending on their state (e.g. grant when field1=value1), and I'm not
sure what's the best option for this. I think I could use ACL, and update
the ACE when the object state changes. Since my objects do not change very
often, it might be a good solution. But then if I want to revoke a right I
will have to update the ACL of all objects matching the corresponding state.
The other idea I have is to implement my own AccessDecisionVoter, taking
care of querying the state of the object to grant or deny access.

Do you have an idea of what's the best approach? Maybe you can even think of
another, better alternative? Any feedback would be appreciated.

Regards,
Xavier
--
Xavier Hanin - Independent Java Consultant
http://xhab.blogspot.com/
http://incubator.apache.org/ivy/
http://www.xoocode.org/
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
