On Fri, Feb 26, 2010 at 11:52 AM, Peter Ledbrook <[email protected]> wrote:
>> The idea of the UnauthorizedException is that they are unauthorized to
>> execute that method and not to reflect the fact that authorization
>> failed due to them being unauthenticated.
>
> Which is why there is an UnauthenticatedException, although the fact
> it extends AuthorizationException is a small fly in the ointment.
Ah yes, I remember now - that should be cleaned up.
> Fair enough, but it's is really a question of how this should be
> modeled using annotations. You can't sensibly have a permission or
> role check unless the principal is know. In other words, the user
> needs to be remembered or authenticated.
Yes, you're right - I phrased that incorrectly previously. At least
some identity has to be known against which to perform the check.
> You suggest adding @RequiresAuthentication or @RequiresUser, but that
> does seem a bit verbose to me.
I meant that if you want a method to be executed by an authenticated
user and that user must also have the "user:edit" permission, then
there should be 2 annotations for that method. That, or they use a
combo of class-level and method-level annotations to do what they want
(as per your example below).
> Also, how do we combine class-level
> annotations with method level ones? Do annotations on methods override
> the ones on classes? Should overriding only happen if the method and
> class annotations are of the same type (authentication or
> authorization requirements)?
>
> Maybe an example would help to define behaviour:
>
> @RequiresAuthentication
> class MyService {
> void methodOne() {}
>
> �...@requiresroles("Administrator")
> void methodTwo() {}
>
> �...@requiresuser
> �...@requirespermissions("custom:read")
> void methodThree() {}
>
> �...@requiresguest
> void methodFour() {}
> }
>
> I suggest this behaviour:
>
> 1. methodOne() requires an authenticated user (from the class annotation)
>
> 2. methodTwo() requires an authenticated user with the role "Administrator"
>
> 3. methodThree() requires an authenticated or remembered user with the
> permission "custom:read"
>
> 4. methodFour() can be accessed by anyone
>
> What do people think? Perhaps there are other scenarios we need to think
> about?
These all make sense to me. Class level annotations should only be
overwritten by method annotations of the same type IMO. If a method
has a different annotation type than the class one, it should be
compounded ('and'ed) IMO.
Just my .02,
Les
