there's something I don't understand in the tutorial concerning roles
the example uses a RoleVoter
each principal (logged-in user) will have an authority (=role) which is ROLE_USER or ROLE_CLERK
why do you need to explicitly create an acl_entry for the SID "ROLE_CLERK"?
example:
in this case the RoleVoter will GRANT access, because the principal has ROLE_CLERK.Code:@Secured({"ROLE_CLERK","AFTER_ACL_READ"}) public Clerk getClerk(long id);
so there should be no need to exlicitly add a permission for each clerk:
I think this is redundant. What do you think?Code:public void setClerkPermissions(Clerk clerk) { Sid sid = new PrincipalSid(clerk.getUser().getUsername()); aclSecurityUtil.addPermission(clerk, sid, BasePermission.ADMINISTRATION, Clerk.class); }
BTW: thanks for the great tutorial
