Hello all,

I was recently discussing the method of assigning roles to specific resources on a Spring thread on TSS and a gentleman named Colin suggested I raise the points here. Below is a copy of the post I made on TSS. I don't know if I am missing something but perhaps it will be food for thought.

Thanks
Wez

---------------------

Colin,

I don't think I was being as clear as I could have been. Also, please bear with me because I am certainly a greenhorn when it comes to many of these concepts.

Let's take the example of URL-based security (The FilterInvocationInterceptor). The mapping between the security role required and the actual code that handles that URL invocation seems to be based on a list of URLs and the roles required to access them. I can understand the benefits of this approach but I have found that if I decide to change my controller mappings I also have to go back and change the information supplied to the objectDefinitionSource attribute of the FilterInvocationInterceptor.

I wonder whether it would be possible to obtain the information provided by the objectDefinitionSource from the Controller itself. Let's say I have a controller called 'AdminController' that provides the model and the view for a system administration screen. This controller is mapped to /admin/index.html. The objectDefinitionSource in the FilterInvocationInterceptor has '\A/admin/.*\Z=ROLE_ADMIN'. If I later decide that the admin URL should be '/tools/admin.html' I have to change both the controller mapping and the objectDefinitionSource.

This is not a major problem, and perhaps I am splitting hairs, but if the 'ROLE_ADMIN' was assigned directly to the controller then I could remap URLs without needing to reconfigure the security system. I suspect that a similar approach could be used to wrap the 'BankManager' bean in your provided example; this would allow the security information to remain 'attached' to the object that it is securing.

I hope this was a little clearer.

Wez
_______________________________________________
Acegisecurity-developer mailing list [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
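
The coupling described in the message above, as an added example that is not part of the original post and is not Acegi code: a minimal stand-in for a URL-pattern-to-role table (all class and method names are hypothetical) showing that once the controller is remapped to /tools/admin.html, the unchanged pattern no longer yields ROLE_ADMIN, while a role attached to the controller is unaffected. Treating an unmatched URL as requiring no role is an assumption of this sketch.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration; hypothetical names, not the Acegi Security API.
public class RoleMappingDrift {

    // Parses "regex=ROLE" lines, the shape quoted in the post, keeping declaration order.
    static Map<Pattern, String> parse(String definition) {
        Map<Pattern, String> rules = new LinkedHashMap<>();
        for (String line : definition.split("\n")) {
            line = line.trim();
            int eq = line.lastIndexOf('=');
            if (line.isEmpty() || eq < 0) continue;
            rules.put(Pattern.compile(line.substring(0, eq)), line.substring(eq + 1));
        }
        return rules;
    }

    // First matching pattern wins; null means no rule covers the URL
    // (assumed here to mean the request is not role-checked).
    static String roleForUrl(Map<Pattern, String> rules, String url) {
        for (Map.Entry<Pattern, String> rule : rules.entrySet()) {
            if (rule.getKey().matcher(url).matches()) return rule.getValue();
        }
        return null;
    }

    // Alternative from the post: the role travels with the handler, not the URL.
    static final Map<String, String> ROLE_BY_CONTROLLER = Map.of("AdminController", "ROLE_ADMIN");

    static String roleForHandler(Map<String, String> urlToController, String url) {
        String controller = urlToController.get(url);
        return controller == null ? null : ROLE_BY_CONTROLLER.get(controller);
    }

    public static void main(String[] args) {
        Map<Pattern, String> rules = parse("\\A/admin/.*\\Z=ROLE_ADMIN");
        // Before and after remapping the controller, with the pattern left unchanged.
        for (String url : new String[] {"/admin/index.html", "/tools/admin.html"}) {
            Map<String, String> handlerMapping = Map.of(url, "AdminController");
            System.out.printf("%-20s url-rule=%-10s controller-role=%s%n",
                    url, roleForUrl(rules, url), roleForHandler(handlerMapping, url));
        }
    }
}
```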
