App Fuse mailing list wrote:

ok, so the term voter is specific to Acegisecurity etc, and not a wider used term in Spring, IOC, AOP etc. that I have missed?

I'll look at the code and see what I understand :-)

Thanks Justin

Justin, net.sf.acegisecurity.vote.RoleVoter is an Acegi Security-specific interface. It's actually called by one of the xxxxBased classes in the same package, which tally the votes using different rules (eg AffirmativeBased, UnanimousBased etc). The xxxxBased classes (or another implementation of AccessDecisionManager) is called by a MethodSecurityInterceptor or a FilterSecurityInterceptor (or indeed any subclass of AbstractSecurityInterceptor).

The RoleVoter is the typical way of implementing custom authorization decisions. Although people are also free to write their own AccessDecisionManager and do something else entirely.

The net.sf.acegisecurity.acl.basic package is typically tied in via a RoleVoter. If you want to perform instance-based security on a method invocation, you'd typically write a custom RoleVoter which consults the AclManager to lookup the instance's access control list. Alternatively, your business method itself or your own ACL interceptor can call the AclManager to lookup the access control list. The ACL package merely returns the effective ACLs. Your application still needs to know what the ACLs mean and how to respond. Typically you'll throw an AccessDeniedException if an unauthorized operation is requested, but people are equally free to null out values in the returned object, roll back a transaction, log the event or some other behavior.

HTH
Ben



-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to