SEC-999: Expression language based access decision support #1250

Closed
spring-issuemaster opened this Issue Oct 2, 2008 · 4 comments

1 participant

@spring-issuemaster

Migrated from SEC-999

@spring-issuemaster

Garth Dahlstrom said:

It would be really cool, if we could secure method level access by role and data ownership using a conditional role annotation.

@Secured({"ROLE_TELLER::userAuth.clientList.containsKey(arg0) }) account readAccount(int clientId);

where userAuth is an object containing user authorizations (spring security context or something like that… I’m guessing).

I noticed there was an example relating to something like this @ http://blog.gomilko.com/2008/01/12/acegi-conditional-roles/ :
@Secured({"ROLE_USER::authentication.principal.customerId == arg0" })
void addItem(Integer customerId, Integer itemId, Integer amount);

@spring-issuemaster

Luke Taylor said:

Working on web expressions and standard way of configuration a handler/parser.

@spring-issuemaster

Luke Taylor said:

Closing as the basic implementation for M1 is complete. We need to add better support for plugging in extra expressions and will add other features based on feedback.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016
@spring-issuemaster

This issue supersedes #1243
This issue supersedes #534

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment