0

I would like implement spring acl for my object fields.

does anyone has an idea what do i have to implment for it?

for example, i have Purchase object.

i would like admin_role to have read on all the fields, and secretary_role to have read only on username and address field

Hoov
  • 133
  • 1
  • 9
Dejell
  • 13,947
  • 40
  • 146
  • 229

2 Answers2

0

Can you clarify at what point you need the security?

If this is part of a webapp, I frequently use stripes security interceptors in combination with spring to control access to what the user sees based on role.

If it's not part of a webapp and you're looking to control what a user can change there's a number of methods available from custom annotations to database control. I've found the project itself usually dictates which path I should follow.

Quotidian
  • 2,870
  • 2
  • 24
  • 19
  • hi! it's a web application. I use jsf. and i need to secure the object fields that are displayed on the screen. for example, i have an object called worker. i will display a list of workers in a table. if the role that entered is admin_role, he will view all the fields. it the role that entered is a secretary_role, he will view only the name and address field (i don't want him to see the salary of the worker). – Dejell May 06 '10 at 17:25
0

extend org.springframework.security.acls.domain.BasePermission and introduce your own Permission flag (up to 32 bits are supported)

sreg
  • 369
  • 2
  • 12