[ http://jira.andromda.org/browse/SPRING-97?page=comments#action_12038 ]
     
Peter Friese commented on SPRING-97:
------------------------------------

Hi Kiran,

Chad and I have discussed your patch and your comments. We think that it is a 
good idea to use the modeling support we have at hand to implement security 
features. 

You might like to take a look at the test model for the Spring cartridge: it 
has a class diagram showing off how security modeling can be used. Basically, 
it boils down to drawing some dependencies from your actors to the services or 
methods you want to secure.

Unfortunately, we do not have a how-to for security modelling so far, but Jens 
Vagts promised to write one.

As we're approaching the release of AndroMDA 3.1, we suggest that you
a) have a look at the test model
b) read Jens' how-to (as soon as it comes out)
and then try to change your patch in a way it fits with these ideas.

How does that sound to you?

> Create methods in the serviceSecurityInterceptor from objects with a 
> "Service" stereotype and add a tagged value for the processConfigAttribute
> -----------------------------------------------------------------------------------------------------------------------------------------------
>
>          Key: SPRING-97
>          URL: http://jira.andromda.org/browse/SPRING-97
>      Project: Spring Cartridge
>         Type: New Feature
>     Versions: 3.1RC1
>     Reporter: Kiran Keshav
>     Assignee: Peter Friese
>  Attachments: SpringMetafacadeModel.xml.zip, patch.txt
>
> Add functionality to create all methods in the serviceSecurityInterceptor 
> based on methods in a service (objects modelled with a "Service" stereotype). 
> Add a tagged value to set the processConfigAttribute on each of these 
> methods (i.e. ACL_FOOBAR_EDIT). This tagged value will be part of the 
> WebServiceOperation stereotype.
> e.g.
> <bean id="serviceSecurityInterceptor" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
>       <property name="authenticationManager"><ref bean="authenticationManager"/></property>
>       <property name="accessDecisionManager"><ref local="businessAccessDecisionManager"/></property>
>       <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
>       <property name="objectDefinitionSource">
>          <value>
>             foo.bar.FooBarService.getAllFooBars=user, admin
>             foo.bar.FooBarService.updateFooBar=ACL_FOOBAR_EDIT
>             foo.bar.FooBarService.removeFooBar=ACL_FOOBAR_DELETE
>          </value>
>       </property>
> </bean>
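
Added example (not part of the original issue, the attached patch, or the AndroMDA code base): a build-time check in Java that every method of a service has an entry in an `objectDefinitionSource` mapping like the one quoted above, since a method with no entry has no configuration attributes for the interceptor to enforce. The nested `FooBarService` interface is a hypothetical stand-in, `purgeFooBars` is constructed to show a gap, and only exact method names are matched.

```java
import java.lang.reflect.Method;
import java.util.*;
public class InterceptorCoverageCheck {
    // Hypothetical stand-in for foo.bar.FooBarService (assumption, not from the issue).
    interface FooBarService {
        List<String> getAllFooBars();
        void updateFooBar(String fooBar);
        void removeFooBar(String fooBar);
        void purgeFooBars(); // constructed: deliberately absent from the mapping
    }
    // Parse "fully.qualified.Class.method=ATTR1, ATTR2" lines into method -> attributes.
    static Map<String, List<String>> parse(String source) {
        Map<String, List<String>> mapping = new LinkedHashMap<>();
        for (String line : source.split("\\R")) {
            line = line.trim();
            if (line.isEmpty()) continue;
            int eq = line.indexOf('=');
            if (eq < 0) throw new IllegalArgumentException("No '=' in: " + line);
            List<String> attrs = new ArrayList<>();
            for (String a : line.substring(eq + 1).split(",")) {
                if (!a.trim().isEmpty()) attrs.add(a.trim());
            }
            mapping.put(line.substring(0, eq).trim(), attrs);
        }
        return mapping;
    }

    // Return the service methods that have no entry, or an empty attribute list.
    static SortedSet<String> unmapped(Class<?> service, String prefix, Map<String, List<String>> mapping) {
        SortedSet<String> missing = new TreeSet<>();
        for (Method m : service.getMethods()) {
            String key = prefix + "." + m.getName();
            List<String> attrs = mapping.get(key);
            if (attrs == null || attrs.isEmpty()) missing.add(key);
        }
        return missing;
    }

    public static void main(String[] args) {
        // The three mapping lines from the issue description.
        String source = String.join("\n",
            "foo.bar.FooBarService.getAllFooBars=user, admin",
            "foo.bar.FooBarService.updateFooBar=ACL_FOOBAR_EDIT",
            "foo.bar.FooBarService.removeFooBar=ACL_FOOBAR_DELETE");
        SortedSet<String> missing = unmapped(FooBarService.class, "foo.bar.FooBarService", parse(source));
        System.out.println("Unmapped service methods: " + missing);
        if (!missing.isEmpty()) System.exit(1); // fail the build on a coverage gap
    }
}
```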



