ACL EL - custom expression support

[sreenivas.hcu]

Hi,

Is there a good way to make a my own custom expression like "hasCustomPermission()" in ACL EL approach.
I try to dig into the code base and wondered why MethodSecurityExpressionRoot is not extendible and why DefaultMethodSecurityExpressionHandler is not flexible enough to extend it and still use the filter function that it provides.

Ofcourse I can rewrite these two classes but i can see most of the code will be duplicated in my new classes.

I like spring security design because of its flexibility to plugin custom stuff. May be there is a good reason that this functionality isnt provided. is there ?

After all I want to to do something like
"hasSystemPermission('TEST_PERM')"
and inside this implementation I will fetch my business object on which I stored my permissions and use hasPermission(Object, permission) interface. This will give me flexibility that my client dont need to pass this business object everytime.

Does it make sense ?

/Kalyan

[sreenivas.hcu]

Just an update on the issue.

As of now I replaced MethodSecurityExpressionRoot and DefaultMethodSecurityExpressionHandler with my custom implementations and passed the business object directky into the SecurityExpressionRoot so that it can be used in expressions.

May be I dont need to do this in 3.1.0 when application bean references can be used in expressions directly - http://jira.springframework.org/browse/SEC-1294

So may be its not a problem in my case.

/Kalyan

[pmularien]

Yes, currently what you describe is the only approach that works. Good job implementing it yourself!