SEC-666: AccessControlList tag should support permission codes #928

Closed
spring-issuemaster opened this Issue Feb 6, 2008 · 2 comments

1 participant

@spring-issuemaster

Troy J. Kelley (Migrated from SEC-666) said:

Currently the tag supports integers for the permissions:

The implementation of the tag has a private method:

private Permission[] parsePermissionsString(String integersString)

which is hard-coded to use the BasePermission class. The BasePermission class has the following methods:

public static Permission buildFromName(String name)
public static Permission[] buildFromName(String[] names)

Given this, it should be pretty straightforward to enhance the parsePermissionString method to support the Names as well.

Which is much more intuitive as it is difficult to remember permission to integer mapping.

Going a bit further, it might also be desirable to allow a custom implementation of Permission to be specified on the ApplicationContext so that customPermission implementations could be used.

@spring-issuemaster

Oleg Gorobets said:

I’d better suggest to provide PermissionFactory (or PermissionBuilder) interface with method
Permission buildFromName(String name) to support several permission implementations rather than specifying only one in the application context.

@spring-issuemaster

Luke Taylor said:

This should already be available as part of the work on SEC-1022. The use of PermissionFactory to convert names or numeric values to Permission instances is already integrated with the tag. So you can supply an instance in the app contex, or use the default one (DefaultPermissonFactory).

@spring-issuemaster spring-issuemaster added this to the 3.0.0 RC1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment