Spring Security
  1. Spring Security
  2. SEC-666

AccessControlList tag should support permission codes

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.0 M1
    • Fix Version/s: 3.0.0 RC1
    • Component/s: Taglibs
    • Labels:
      None
    • Environment:
      N/A

      Description

      Currently the tag supports integers for the permissions:

      <security:accesscontrollist domainObject="$

      {contact}" hasPermission="2,4,16">

      The implementation of the tag has a private method:

      private Permission[] parsePermissionsString(String integersString)

      which is hard-coded to use the BasePermission class. The BasePermission class has the following methods:

      public static Permission buildFromName(String name)
      public static Permission[] buildFromName(String[] names)

      Given this, it should be pretty straightforward to enhance the parsePermissionString method to support the Names as well.

      <security:accesscontrollist domainObject="${contact}

      " hasPermission="W, C, A">

      Which is much more intuitive as it is difficult to remember permission to integer mapping.

      Going a bit further, it might also be desirable to allow a custom implementation of Permission to be specified on the ApplicationContext so that customPermission implementations could be used.

        Activity

        Hide
        Oleg Gorobets added a comment -

        I'd better suggest to provide PermissionFactory (or PermissionBuilder) interface with method
        Permission buildFromName(String name) to support several permission implementations rather than specifying only one in the application context.

        Show
        Oleg Gorobets added a comment - I'd better suggest to provide PermissionFactory (or PermissionBuilder) interface with method Permission buildFromName(String name) to support several permission implementations rather than specifying only one in the application context.
        Hide
        Luke Taylor added a comment -

        This should already be available as part of the work on SEC-1022. The use of PermissionFactory to convert names or numeric values to Permission instances is already integrated with the tag. So you can supply an instance in the app contex, or use the default one (DefaultPermissonFactory).

        Show
        Luke Taylor added a comment - This should already be available as part of the work on SEC-1022 . The use of PermissionFactory to convert names or numeric values to Permission instances is already integrated with the tag. So you can supply an instance in the app contex, or use the default one (DefaultPermissonFactory).

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Troy J. Kelley
          • Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: