David Medinets wrote:
I'm trying to use ACEGI to do some method-level access control. I seem
to have everything connected but when I create an object I see a
message saying that the object is public so the access control is not
used.
How do I create a private object?
I can provide the Spring XML configuration file and Java code if
anyone is interested.
-david
Acegi Security provides authorization via AOP. So you need a way of
introducing security advice to the object you create. Generally people
do this declaratively via the application context. Alternatively, you
can create an AOP proxy programatically using Spring's standard classes.
Another approach is to use AspectJ, which will compile the advice in at
development time and thus you can simply use the Java "new" operator to
receive in effect a proxy object.
If you're happy to live with authorization only during services layer
invocations, you can weave some AOP into those services layer methods
and then use either a custom AccessDecisionVoter or Acegi Security's
domain ACL services to achieve security.
Best regards
Ben
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
