MethodSecurityInterceptor and method overloading

[adepue]

Has anyone needed MethodSecurityInterceptor to support overloading? I've got a MethodSecurityInterceptor defined against a service like this:

Code:

  <bean id="..." class="net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref bean="businessAccessDecisionManager"/></property>
    <property name="runAsManager"><ref bean="runAsManager"/></property>
    <property name="objectDefinitionSource">
      <value>
        com.mypackage.MyInterface.update=ROLE_MYROLE
      </value>
    </property>
  </bean>

Now, say I overload "update" like this:

Code:

  void update(MyObject object);
  void update(MyOtherObject object);

How would I assign a different set of roles to each method? Currently, since both methods have the same name, I am forced to use the same roles for each, right?

Thanks,
Andy

[Ben Alex]

Hi Andy, yes, you'll need to use the same configuration attributes for both signatures. I based our implementation on Spring's then transaction interceptor, so I'm not sure if it's a common requirement.

I can't think of any reason why it wouldn't be theoretically possible to customise net.sf.acegisecurity.MethodDefinitionMap to do this, though. Or provide a new concrete MethodDefinitionSource implementation if you didn't want to modify MethodDefinitionMap.