On Fri, 24 Sep 2004 13:53:12 +0100, App Fuse mailing list wrote
> hi all,
>
> I'm just starting to learn about acegisecurity. I've been looking
> at the archive and was just wondering what the current status of:
>
> Instance security in .61
> Documentation on the above.
> Example applications/code using above.

Since instance security is specific to the objects you're protecting and the kinds of checks you do inside of (or right "above") your service methods, ultimately you'll have to write this yourself. That said, the underlying support is there, although the docs don't cover it much (I'll be glad to help in that regard).

Maybe if I share how I'm approaching the problem you can glean something from it. Note that I've only implemented 25% of the ideas below, so if you or anyone sees a better way, please let me know. ;-)

My application's security can be organized as protecting 3 things - 1) the visibility of GUI elements like links, buttons, columns, tabs, 2) the visibility of database records and 3) the access to my service methods.

I'll protect #1 using the authz JSP tag and mapping role sets to visual elements (I still like the term entitlements better, but that's just me). I'll protect #2 by including the user's identity in formulating DB queries, and I'll protect the service methods by including declarative security and those same roles mentioned above, as well as programmatically using the user's identity and the object's identity to determine if they can update or delete the thing. This could be done inside of the service methods themselves, but I'm leaning towards putting these checks in a service facade just "above" to keep the services clean.

The best example I've seen on this is (although embedded in the service code) the ContactManagerFacade.java code in Acegi's samples. Take a look at the getById(int) method for more info.

HTH,
Scott
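
The facade approach described in the reply above, as an added example that is not part of the original post and is not taken from Acegi's samples. All class and method names are hypothetical, and the caller's identity is passed in as a plain string on the assumption that a real application would take it from the authenticated principal:

```java
import java.util.*;

// Hypothetical domain object: each record carries the identity of its owner.
record Contact(int id, String owner, String email) {}

// Plain service with no security logic, kept "clean" as the post suggests.
class ContactService {
    private final Map<Integer, Contact> store = new HashMap<>();
    void save(Contact c) { store.put(c.id(), c); }
    Contact load(int id) { return store.get(id); }
    void remove(int id) { store.remove(id); }
    List<Contact> findByOwner(String owner) {
        return store.values().stream().filter(c -> c.owner().equals(owner)).toList();
    }
}

// Facade "above" the service: each call compares caller identity with object identity.
class ContactFacade {
    private final ContactService service;
    ContactFacade(ContactService service) { this.service = service; }

    // Record visibility: the caller's identity is part of the query itself.
    List<Contact> list(String caller) { return service.findByOwner(caller); }
    Contact get(String caller, int id) { return owned(caller, id); }
    void delete(String caller, int id) { service.remove(owned(caller, id).id()); }
    void updateEmail(String caller, int id, String email) {
        Contact c = owned(caller, id);
        service.save(new Contact(c.id(), c.owner(), email));
    }

    // Same failure for "missing" and "not yours", so ids cannot be probed.
    private Contact owned(String caller, int id) {
        Contact c = service.load(id);
        if (c == null || !c.owner().equals(caller)) {
            throw new SecurityException("access denied for contact " + id);
        }
        return c;
    }
}

public class Demo {
    public static void main(String[] args) {
        ContactService svc = new ContactService();
        svc.save(new Contact(1, "scott", "scott@example.org")); // constructed sample data
        ContactFacade facade = new ContactFacade(svc);
        facade.updateEmail("scott", 1, "new@example.org");       // owner: allowed
        try { facade.delete("mallory", 1); }                      // not the owner: denied
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Role-based declarative checks would still sit in front of the facade; this block covers only the per-object ownership decision.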