Extend security command to data

[abattisti]

Hi,

I would to extend the implementation of security command to data for enable or disable the JComponent binded to they. About this I supposed two way of implementing it:

1. inside FormBuilder: during the addiction of the components I check the granted authorities of current principal and enable or disable the current component

2. by interceptor about as above

What do you think about it? what's the best solution for you?

thank you and all apologies for my english

[darabi]

Hello abattisti,

I would prefer the second way. I have written code along the lines of your first idea: it becomes quickly illegible and chaotic, because it is cluttered with lots of if clauses.

In addition to that, everything is hard-coded, so changes to some security concerns force you to change the sources, which is not desirable.

In my case, it might be not enough to enable/disable controls. Sometimes, the user should not even be able to see certain values.

My idea was to have some interceptor, which would enforce some declarative rules, which are either configured in the context or in a DB, upon the form. I could imagine something like enabling/disabling controls by their name.

I haven't implemented anything yet, so I cannot help out with code.


Kambiz