Mar 22nd, 2007, 01:16 PM
What level to apply ACL security at?
We are using role-based security with role voter on the service layer methods.
We are also looking at using ACL security. Originally I was going to apply this to the service layer also, but I'm now thinking it might make more sense to apply the ACL security at the DAO layer.
For example if I have a service layer:
And the dao for DomainObject1:
Now if the service layer methods updateDomainObject1(DomainObject1 domainObject1), closeDomainObject1(Long id), reopenDomainObject1(Long id) all involve updating the domain object, i.e. calling the dao update method, then the system seems more robust if I put the update ACL check on the dao update method; otherwise I may forget to apply it to some service method in the future. Likewise for after invocation read and collection filtering - it seems safer to apply these at the dao layer also, as any service layer method that uses this information will have to go through the dao layer.
Is this a sensible approach - i.e. have two layers of method invocation security?
On a related issue, the new ACL module voters and afterinvocationproviders require the domain object to act on; however, methods such as retrieve or delete (whether in the service layer or dao layer) usually only provide the object id. How should this be handled?
Thanks for any help
Mar 22nd, 2007, 01:25 PM
I've had this discussion a few times before with other people. You could add it to the dao layer just to make sure. There are issues when you use something like Hibernate though. As you don't actually have to persist the change explicitly it's possible to only have the read permission but to still update an object.
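The dirty-checking issue raised in the reply above, as an added example that is not part of the original thread: a simplified model of a session that writes changed objects back at commit, showing that a caller holding only READ can change a row without ever reaching the WRITE check on the dao update method. All class and method names are hypothetical stand-ins, not Hibernate or Acegi API.

```java
import java.util.*;

// Simplified model of an ORM session with automatic dirty checking.
// Every class and method name here is hypothetical, not Hibernate or Acegi API.
public class DirtyCheckAclDemo {
    static class DomainObject1 {
        final long id; boolean closed;
        DomainObject1(long id, boolean closed) { this.id = id; this.closed = closed; }
    }

    static class Session {
        final Map<Long, Boolean> rows = new HashMap<>();                       // stand-in for the table
        final Map<DomainObject1, Boolean> snapshots = new IdentityHashMap<>(); // state at load time

        DomainObject1 load(long id) {
            DomainObject1 o = new DomainObject1(id, rows.get(id));
            snapshots.put(o, o.closed);
            return o;
        }

        // At commit, every loaded object that differs from its snapshot is written back.
        void flush() {
            for (Map.Entry<DomainObject1, Boolean> e : snapshots.entrySet()) {
                DomainObject1 o = e.getKey();
                if (o.closed != e.getValue()) { rows.put(o.id, o.closed); e.setValue(o.closed); }
            }
        }
    }

    static class DomainObject1Dao {
        final Session session; final Set<String> granted;
        DomainObject1Dao(Session session, Set<String> granted) { this.session = session; this.granted = granted; }
        DomainObject1 retrieve(long id) { check("READ"); return session.load(id); }
        void update(DomainObject1 o) { check("WRITE"); session.rows.put(o.id, o.closed); }
        private void check(String p) { if (!granted.contains(p)) throw new SecurityException("denied: " + p); }
    }

    public static void main(String[] args) {
        Session session = new Session();
        session.rows.put(1L, false);                                   // constructed sample row
        DomainObject1Dao dao = new DomainObject1Dao(session, Collections.singleton("READ"));

        DomainObject1 o = dao.retrieve(1L);  // passes the READ check
        o.closed = true;                     // service code changes the loaded object
        // dao.update(o) is never called, so its WRITE check never runs.
        session.flush();                     // transaction commit
        System.out.println("closed in store after commit: " + session.rows.get(1L));
    }
}
```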