Dec 24th, 2005, 07:26 AM
Dynamic Authorization and Channel Security
Thanks to InMemoryDaoImpl, we can use Acegi to specify users and their roles in applicationContext. But for those who want to store them in the data base, they can use JdbcDaoImpl.
However, I donít understand why there is no implementation allowing defining methodís authorisations, Uriís authorisations and Channel Security in the data base?! (to do that in applicationContext we can use MethodSecurityInterceptor, FilterSecurityInterceptor and channelProcessingFilter)
Because they donít exist (unless Iím saying mistakes) and because I really need them, I am obliged to implemen.
I saw that there is already some good attempt such as
So what Iím asking for is:
1- Do you know other examples treating the same problem?
2-have you some tips or advise helping doing that?
be happy :-)
Jan 25th, 2006, 07:10 PM
The threads you quoted are correct.
I was talking to Rob Harrop at The Spring Experience in December, and ultimately Spring will support obtaining its BeanDefinition metadata from a database directly, possibly with integration into JMX management of that metadata. Acegi Security therefore does not currently plan on providing database providers for what is generally regarded as configuration metadata. This is different from application data, such as the names of users and the roles they have been assigned, which justifiably should come from a database or other authentication repository in most production applications.