March, Andres wrote:
I agree with your assessment Ben. Had many of those thoughts myself as I was pondering our situation. In the end we went with VOTERS DETECT OBJECT AS PARAMETER AND QUERY ACL OBJECT. Seems like the best choice for us since we only want to deny or allow access not mutate or filter properties of the object.
I've just added an access control list (ACL) package to CVS HEAD. It offers:
- integer bit masking (like Unix's chmod command) - permission inheritance (including blocking) - JDBC ACL repository - caching - pluggable like the rest of Acegi Security - about 99% unit test coverage accordingly to Clover - all classes have Javadocs - covered in the reference guide
No sample application yet, but I'm working on that tomorrow as part of Spring RCP's Petclinic.
People's comments on the new package are most welcome.
Best regards Ben
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
