About User - Role - Action security implementation from DB
I have a project with a security idea like that (all from database that can be modified at runtime)
User -> List of roles
Role -> List of actions (Each action have a url)
Then each Role contain a list of Actions that have permited to launch, a User that have that Role associated can launch that url.
In acegi we have a bean "filterInvocationInterceptor" that contain a property named "objectDefinitionSource" that with regular expressions we can define the url patterns that certain Role can access, there is a way to make that property to load the struture defined in the Relation between Role -> Action?. I´m reading the documentation in the new version 0.70 and read about a RoleVoter and AclManager but for method invocation.
Any idea or example will be preciated. Before I post i see another post where Ben talk about the posibility to implement the ObjectDefinitionSource interface to acomplish that, i going to work in that now, but would be useful if anyone post some example or hint.