Sep 2nd, 2011, 08:33 AM
Any spring tag library to invoke the custom acl voters
We want to decide on UI whether to hide/show some links. But for this we want access decision to be taken using custom ACL voters that we have defined for securing access to methods. Is it possible using Spring taglibs. Something on the lines that on basis of ACCESS_DEIED/ACCESS_GRANTED being returned from the voter we hide/display the link.
The reason for this requirement is that we cannot exactly use ACL tables to define permissions on domain objects, and that data model is kind of complex.
Sep 7th, 2011, 12:55 AM
How are you actually securing the url in the event a user manually types in the url? If it's on your filterchain, a similar approach should work on with the authorize taglib. If the answer is that you're relying on link hiding for security - that isn't secure and you may want to step back and revisit the problem. That said, there's a cool feature in 3.1 that let's the authorize tag accept SPEL allowing you to basically put anything that's in your model into the tag.
Sep 11th, 2011, 11:14 PM
Yes, I am using filter chain for url authentication. Let me explain my problem with some example. Take a example of reporting module, In report module all the user will not allowed to view/add/update all the reports. for example user1 will have read only access to the report1 in that case I want my save/update button disabled on UI. Is there any way I can use SPEL for this.
Tags for this Thread