[
https://issues.apache.org/jira/browse/SHIRO-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13188070#comment-13188070
]
Jared Bunting commented on SHIRO-331:
-------------------------------------
I'm wondering if this can fit in with / solved by SHIRO-314? The only thing
that I don't see in there is the ability to use the parameters passed to the
method.
> The Spring ACL has a cool feature that allow you to evaluate any SpEL when
> doing Authorization check using annotation. This is a feature that allow
> doing the same with shiro.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-331
> URL: https://issues.apache.org/jira/browse/SHIRO-331
> Project: Shiro
> Issue Type: New Feature
> Components: Authorization (access control)
> Affects Versions: 1.1.0
> Reporter: DIALLO Mamadou BObo
> Labels: Authorization, SpEl,, Spring
> Original Estimate: 12h
> Remaining Estimate: 12h
>
> On Spring ACL you can annotate a function with something like this:
> @PreAuthorize("hasAnyRole('ROLE_SUPER_USER','ROLE_ SYSTEM_ADMIN') and
> hasPermission(#id, 'com.xyz.db.domain.impl.XyzConfigImpl', 'read')")
> Note the evaluation of a method, the use of logic operators, the ability t
> use the parameters passed to the method.
> This is a neccessary feature for doing any ACL like control check from an
> annotation because otherwise you're obliged to do the check your self from
> inside the method body.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
