Spring Security / SEC-999

Expression language based access decision support

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0 M1
    • Component/s: Core
    • Labels: None

        Activity

        Garth Dahlstrom added a comment -

        It would be really cool if we could secure method-level access by role and data ownership using a conditional role annotation.

        @Secured({"ROLE_TELLER::userAuth.clientList.containsKey(arg0)"})
        account readAccount(int clientId);

        where userAuth is an object containing user authorizations (spring security context or something like that... I'm guessing).

        I noticed there was an example relating to something like this @ http://blog.gomilko.com/2008/01/12/acegi-conditional-roles/ :

        @Secured({"ROLE_USER::authentication.principal.customerId == arg0"})
        void addItem(Integer customerId, Integer itemId, Integer amount);

        Luke Taylor added a comment -

        Working on web expressions and a standard way of configuring a handler/parser.

        Luke Taylor added a comment -

        Closing as the basic implementation for M1 is complete. We need to add better support for plugging in extra expressions and will add other features based on feedback.
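
Added example, not part of the original issue or the project's own code: the two role-plus-ownership checks requested in the first comment, written with the `@PreAuthorize` expression annotations available from Spring Security 3.0. `TellerPrincipal`, `Account`, `AccountService` and the `clientList` / `customerId` properties are assumptions based on the names used in the request.

```java
import java.util.Map;
import org.springframework.security.access.prepost.PreAuthorize;

// Hypothetical principal object held by the Authentication. The expressions
// below read its properties through these public getters.
class TellerPrincipal {
    private final Integer customerId;
    private final Map<Integer, String> clientList;

    TellerPrincipal(Integer customerId, Map<Integer, String> clientList) {
        this.customerId = customerId;
        this.clientList = clientList;
    }

    public Integer getCustomerId() { return customerId; }
    public Map<Integer, String> getClientList() { return clientList; }
}

class Account { } // hypothetical domain type

// The annotations are only enforced when pre/post annotations are enabled,
// for example <global-method-security pre-post-annotations="enabled"/>.
// If that is missing, the methods run without any check, so cover the
// denied case with a test.
interface AccountService {

    // Role AND ownership: a teller may only read accounts of clients that
    // appear in the teller's own client list. The role alone is not enough.
    @PreAuthorize("hasRole('ROLE_TELLER') and principal.clientList.containsKey(#clientId)")
    Account readAccount(int clientId);

    // The caller-supplied customerId must match the authenticated principal,
    // so a user cannot add items on behalf of another customer.
    // #customerId is resolved by parameter name, which must be available at
    // run time (compile with debug symbols, or -parameters on newer JDKs).
    @PreAuthorize("hasRole('ROLE_USER') and #customerId == principal.customerId")
    void addItem(Integer customerId, Integer itemId, Integer amount);
}
```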


          People

          • Assignee: Luke Taylor
          • Reporter: Luke Taylor
          • Votes: 3
          • Watchers: 2