  1. Spring Security
  2. SEC-999

Expression language based access decision support

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0 M1
    • Component/s: Core
    • Labels:
      None

        Activity

        ironstorm Garth Dahlstrom added a comment -

        It would be really cool if we could secure method-level access by role and data ownership using a conditional role annotation.

        @Secured({"ROLE_TELLER::userAuth.clientList.containsKey(arg0)"})
        account readAccount(int clientId);

        where userAuth is an object containing user authorizations (spring security context or something like that... I'm guessing).

        I noticed there was an example relating to something like this @ http://blog.gomilko.com/2008/01/12/acegi-conditional-roles/ :
        @Secured({"ROLE_USER::authentication.principal.customerId == arg0"})
        void addItem(Integer customerId, Integer itemId, Integer amount);

        luke Luke Taylor added a comment -

        Working on web expressions and a standard way of configuring a handler/parser.

        luke Luke Taylor added a comment -

        Closing as the basic implementation for M1 is complete. We need to add better support for plugging in extra expressions and will add other features based on feedback.


          People

          • Assignee:
            luke Luke Taylor
            Reporter:
            luke Luke Taylor
          • Votes:
            3
            Watchers:
            2
