Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1165: Relax the requirement that the ObjectIdentity "type" be a Java class #1413

spring-issuemaster opened this Issue May 26, 2009 · 2 comments


None yet
1 participant

Luke Taylor (Migrated from SEC-1165) said:

This is really just a piece of metadata to identify the specific domain object type (e.g. Contact) to which an ACL applies. In practice it is converted to a String (the classname) when stored in the database. There's no real requirement that it should be a unique Java class or that the class should be loadable when the ObjectIdentity is created. It would be more flexible if it was just treated as a String.

The method

Class<?> getJavaType();

on the interface should be changed to return a String, and the property should be changed to "type" or "objectType" or something similar.

Luke Taylor said:

I've updated the method as described, so it is now:

String getType();

Corresponding changes in the classes which use it have also been made. These all used the javaType by calling getName() first. ObjectIdentityImpl no longer checks the classpath for the presence of the domain class with this name (since it may not be a class name). This also means that it can be used in situations where the domain object class(es) are not available - e.g. a separate permission administration application.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M2 milestone Feb 5, 2016

This issue supersedes #740
This issue supersedes #1097

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment