Web tier: servlets, JSP, Web frameworks: Securing Domain Objects with Acegi
What should I do when I want to use Acegi for securing my domain objects but when my database schema is already fixed. The schema, however, contains all the data needed for determining whether user has permissions to access the data or not. Acegi's Contacts Sample seems to use a schema specific to Acegi.
- Posted by: Jussi Oksanen
- Posted on: May 15 2007 03:01 EDT
- Acegi and eXo Portal integration by massimiliano cuccia on May 16 2007 12:05 EDT
- Re: Securing Domain Objects with Acegi by Jeryl Cook on May 18 2007 07:43 EDT
Hi I'm reading http://wiki.jboss.org/wiki/Wiki.jsp?page=PortalWithAcegiAuthentication about acegi integration into jBoss portal. is there something similar dedicated to eXo? i'm searching for a guide, a reference ... any kind of documentation!! if does not exists, someone can help me to achieve this task? thanks in advance Massimiliano Cuccia
Drop your current security schema for ACEGI's
Dropping my current schema is not an option because it's partially enforced by an 3rd party component. Anyway, what I'm planning to do is that, instead of using Acegi's access control lists, I will implement my own AccessDecisionVoters and AfterInvocationProviders for securing my business methods and domain objects. Acegi's own implementations seems to be quite simple so this does not require that much effort. Any arguments against this solution?
i think that will work :), i ran into a similar situation and we had the option to drop our tables used for access control,and user/roles. we secured some of our webservice methods using ACEGI and spring, and it worked pretty well! happy coding.