Hi Sergio,
yes, we're talking about the same scenario, let me just point out
one more issue. First of all I am/will be using a servlet application
that connects to an enterprise server that connects to the database.
Not necessarily EJBs.
I want to enforce security on domain objects (Account) in
Well, that's true for the business objects implementing services. Sorry that
I didn't make that clearer.
What I have in mind are domain objects actually modelling the data,
protected by Acegi. Imagine an Account class that offers a method called
getBalance() and that method is protected with
On Saturday 05 March 2005 00:47, Andreas Prohaska wrote:
But even without trusting my client, assume that I have the secured
Account instance in the servlet tier. Now imagine a wizard that allows
the current user to edit the Account, perhaps in multiple steps.
Everyone would agree that it's a