Feel free to make a suggestion. What about @SecuredResult or @SecuredReturnValue ?
Am 13.12.12 10:50 schrieb "Gerhard Petracek" unter <[email protected]>: >+1, but imo we need a better name for it. > >regards, >gerhard > > > >2012/12/13 Rudy De Busscher <[email protected]> > >> All, >> >> I had once also such a requirement (post-method authorization) where >>this >> could be very handy. >> >> We kept information about persons (name, age, address, medical info, >>...) >> but there where some categories. One kind of category was linked to the >> Royals and you needed a special role before you could read the >>information. >> >> So we where only able to determine if the user was allowed to read the >> person information after we had read it frmo the database and matched >>the >> category. >> >> So >> +1 >> >> Regards >> Rudy >> >> >> On 13 December 2012 09:26, Arne Limburg <[email protected] >> >wrote: >> >> > Hi Jean-Louis, >> > >> > A simple use case is a method that creates an object, stores it to the >> > database and returns it. >> > You may want to check the object to decide if the user is allowed to >> > create it. With my proposal it is as easy as: >> > >> > public class MyObjectRepository { >> > @Create >> > public MyObject create() { >> > ... >> > } >> > } >> > >> > public class MyAuthorizer { >> > >> > @Secures @Create >> > public boolean canCreate(@Result MyObject object) { >> > // security check here >> > } >> > } >> > >> > >> > Hope that makes it clear. And note that the check may depend on the >>state >> > of the object, i.e. the user is just allowed to create the object, if >>he >> > is the owner... >> > >> > Cheers, >> > Arne >> > >> > Am 13.12.12 09:20 schrieb "Jean-Louis MONTEIRO" unter < >> [email protected] >> > >: >> > >> > >Hi Arne, >> > > >> > >Just read the JIRA but could not find a relevant use case for that. >> > >But if you proposed it, I probably missed something so if you could >> > >elaborate a bit more. >> > > >> > >Jean-Louis >> > > >> > > >> > >2012/12/13 Mark Struberg <[email protected]> >> > > >> > >> >> > >> >> > >> +1 >> > >> >> > >> >> > >> ------------------------------ >> > >> Arne Limburg schrieb am Mi., 12. Dez 2012 23:38 PST: >> > >> >> > >> >Hi, >> > >> > >> > >> >What do you think of supporting post-method-authorization (see >>[1]) >> in >> > >> addition to our current pre-method-authorization? >> > >> >I just started coding it and it is not much to do. >> > >> > >> > >> >Cheers, >> > >> >Arne >> > >> > >> > >> >[1] https://issues.apache.org/jira/browse/DELTASPIKE-298 >> > >> > >> > >> >> > >> >> > > >> > > >> > >-- >> > >Jean-Louis >> > >> > >>
