
10/25/2005: ACEGI: An Example of When to Use AffirmativeBased (instead of UnanimousBased) Voting when Controlling Access to Methods

In this example I have a simple interface, defined below, which needs role-based access control.

  public interface IBean {
    // Workers and Managers can get the value.
    public String getValue();

    // Only Managers can set the value.
    public void setValue(String _value);
  }

The access control is specified via a security interceptor like this:

  <bean id='securityInterceptor' class='...MethodSecurityInterceptor'>
    <property name='objectDefinitionSource'>
      <!-- method-to-role mapping as described for IBean above -->
      <value>
        IBean.getValue=ROLE_WORKER,ROLE_MANAGER
        IBean.setValue=ROLE_MANAGER
      </value>
    </property>
  </bean>

Since the getValue method has more than one role associated with it, the AccessDecisionManager implementation you wire in as the accessDecisionManager bean matters. UnanimousBased polls each voter with one configuration attribute at a time and rejects on any deny, so the user must hold both ROLE_WORKER and ROLE_MANAGER, which is probably not what your security officer wants.

Using AffirmativeBased as the decision manager means the user only needs one of the two roles to be able to execute the getValue method.
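To make the difference concrete, here is an added Python model of the two decision managers polling a RoleVoter over the IBean mapping above; it is my own illustration, not Acegi's code, and it assumes Acegi's default behaviour (UnanimousBased polls one attribute at a time, and all-abstain means deny).

```python
# Model of Acegi's RoleVoter, AffirmativeBased and UnanimousBased (assumed defaults, not Acegi's code).
ACCESS_GRANTED, ACCESS_ABSTAIN, ACCESS_DENIED = 1, 0, -1

# Method-to-role mapping taken from the post's description of IBean.
OBJECT_DEFINITION_SOURCE = {
    "IBean.getValue": ["ROLE_WORKER", "ROLE_MANAGER"],
    "IBean.setValue": ["ROLE_MANAGER"],
}


def role_voter(authorities, attributes, prefix="ROLE_"):
    """RoleVoter: grant if any supported attribute is held, deny if it supports
    at least one attribute and none is held, abstain if it supports none."""
    supported = [a for a in attributes if a.startswith(prefix)]
    if not supported:
        return ACCESS_ABSTAIN
    return ACCESS_GRANTED if any(a in authorities for a in supported) else ACCESS_DENIED


def affirmative_based(voters, authorities, attributes):
    """Grant as soon as one voter grants (voters see the whole attribute list)."""
    for voter in voters:
        if voter(authorities, attributes) == ACCESS_GRANTED:
            return True
    return False  # every voter denied or abstained -> deny


def unanimous_based(voters, authorities, attributes):
    """Each voter is polled with ONE attribute at a time; any deny rejects."""
    grants = 0
    for attr in attributes:
        for voter in voters:
            result = voter(authorities, [attr])
            if result == ACCESS_DENIED:
                return False
            if result == ACCESS_GRANTED:
                grants += 1
    return grants > 0  # all abstained -> deny


def decide(manager, authorities, method):
    """Run the given decision manager for a user with these roles on this method."""
    return manager([role_voter], set(authorities), OBJECT_DEFINITION_SOURCE[method])


def compare(authorities, method):
    return {"affirmative": decide(affirmative_based, authorities, method),
            "unanimous": decide(unanimous_based, authorities, method)}


if __name__ == "__main__":
    for who, roles in (("worker", ["ROLE_WORKER"]), ("manager", ["ROLE_MANAGER"])):
        for method in OBJECT_DEFINITION_SOURCE:
            print(who, method, compare(roles, method))
```

Note that under UnanimousBased even a user holding only ROLE_MANAGER is denied getValue, because the ROLE_WORKER attribute draws a deny from the RoleVoter.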
