Dynamic Authorization and Channel Security

[Hamed]

Thanks to InMemoryDaoImpl, we can use Acegi to specify users and their roles in applicationContext. But for those who want to store them in the data base, they can use JdbcDaoImpl.

However, I don’t understand why there is no implementation allowing defining method’s authorisations, Uri’s authorisations and Channel Security in the data base?! (to do that in applicationContext we can use MethodSecurityInterceptor, FilterSecurityInterceptor and channelProcessingFilter)

Because they don’t exist (unless I’m saying mistakes) and because I really need them, I am obliged to implemen.

I saw that there is already some good attempt such as
http://forum.springframework.org/showthread.php?t=20620
http://forum.springframework.org/showthread.php?t=10185

So what I’m asking for is:
1- Do you know other examples treating the same problem?
2-have you some tips or advise helping doing that?

Thank you

[Ben Alex]

The threads you quoted are correct.

I was talking to Rob Harrop at The Spring Experience in December, and ultimately Spring will support obtaining its BeanDefinition metadata from a database directly, possibly with integration into JMX management of that metadata. Acegi Security therefore does not currently plan on providing database providers for what is generally regarded as configuration metadata. This is different from application data, such as the names of users and the roles they have been assigned, which justifiably should come from a database or other authentication repository in most production applications.