Hi Jean-Louis,
A simple use case is a method that creates an object, stores it to the
database and returns it.
You may want to check the object to decide if the user is allowed to
create it. With my proposal it is as easy as:
public class MyObjectRepository {
@Create
public MyObject create() {
...
}
}
public class MyAuthorizer {
@Secures @Create
public boolean canCreate(@Result MyObject object) {
// security check here
}
}
Hope that makes it clear. And note that the check may depend on the state
of the object, i.e. the user is just allowed to create the object, if he
is the owner...
Cheers,
Arne
Am 13.12.12 09:20 schrieb "Jean-Louis MONTEIRO" unter <[email protected]>:
>Hi Arne,
>
>Just read the JIRA but could not find a relevant use case for that.
>But if you proposed it, I probably missed something so if you could
>elaborate a bit more.
>
>Jean-Louis
>
>
>2012/12/13 Mark Struberg <[email protected]>
>
>>
>>
>> +1
>>
>>
>> ------------------------------
>> Arne Limburg schrieb am Mi., 12. Dez 2012 23:38 PST:
>>
>> >Hi,
>> >
>> >What do you think of supporting post-method-authorization (see [1]) in
>> addition to our current pre-method-authorization?
>> >I just started coding it and it is not much to do.
>> >
>> >Cheers,
>> >Arne
>> >
>> >[1] https://issues.apache.org/jira/browse/DELTASPIKE-298
>> >
>>
>>
>
>
>--
>Jean-Louis
