March, Andres wrote:
When using an afterInvocationManager it may not always be necessary or
possible to provide before invocation security, so why require an
ADM? I just use one that is allows everyone and abstentions to pass
but it seems like a bit of overhead when all I really care about is
filtering the response data. Am I missing something?
You could always write (assuming you haven't already, as it sounds like
from your email) a NoOperationAccessDecisionManager which implements
AccessDecisionManager and just immediately returns from each method.
Most people check the user has a ROLE_USER or similar in the
AccessDecisionManager, to ensure the user is logged in before they
invoke the method. I can't see that invocation adding much overhead to
be honest - it's not being dynamically proxied or anything, it's just
calling a method that immediately returns. Do you have some profiling
that shows it's adding a lot of overhead to your app? If so we could
possibly make it a switchable parameter on the AbstractSecurityInterceptor.
Cheers
Ben
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer