...

Authors: Juan José Ramos

Status: Draft | Discussion | Development | Active | Dropped | Superseded

...

  • Easy to implement (plus).
  • No extra configuration or changes needed (plus).
  • Addition of new resource permission DATA:QUERY:RegionName (minus).
  • Confusing. Multiple roles are required for “the same” OQL execution operation (minus).

Prior Art

There are some existing frameworks/solutions that might accomplish the same as this proposal. However, we believe that those solutions are inferior for the reasons below.

Spring Method Security & Shiro Annotation-based Authorization

Both Spring Method Security and Shiro Annotation-based Authorization allow the user to annotate their classes in order to explicitly configure which roles/permissions are required to execute the relevant method, similar to what this proposal tried to accomplish through the discarded AnnotationBasedMethodAuthorizer. Annotations are widely used in the Java world, and these approaches are powerful and highly configurable.

The primary problem with these solutions is that they force the user to modify the domain model and also add extra, unnecessary coupling. With this proposal, however, the user can still use these frameworks by providing their own authorizer implementation that checks the annotation in order to allow or deny the method execution.
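The annotation-checking authorizer sketched above, as an added illustration rather than code from this proposal or from Apache Geode: the `RequiresPermission` annotation, the `AnnotationAuthorizer` class and its `authorize(Method, Object)` contract are hypothetical stand-ins for whatever interface the proposal defines, and the `Account` class is a constructed domain object. It fails closed, so a method that carries no annotation can never be executed from a query.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.Set;

public class AnnotationAuthorizerExample {

    // Hypothetical annotation placed on domain methods that a query may invoke.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface RequiresPermission {
        String value();
    }

    // Hypothetical authorizer implementing the "check the annotation, then
    // allow/deny" approach. Unannotated methods are denied by default.
    public static final class AnnotationAuthorizer {
        private final Set<String> granted;

        public AnnotationAuthorizer(Set<String> grantedPermissions) {
            this.granted = Set.copyOf(grantedPermissions);
        }

        public boolean authorize(Method method, Object target) {
            // Refuse a method/target pair that does not belong together.
            if (target == null || !method.getDeclaringClass().isInstance(target)) {
                return false;
            }
            RequiresPermission rp = method.getAnnotation(RequiresPermission.class);
            if (rp == null) {
                return false; // fail closed: no annotation, no execution
            }
            return granted.contains(rp.value());
        }
    }

    // Constructed domain object; the annotation on it is exactly the coupling
    // the proposal objects to.
    public static final class Account {
        @RequiresPermission("DATA:READ:Accounts")
        public String getOwner() { return "alice"; }

        public void close() { /* not annotated: never callable from a query */ }
    }

    public static void main(String[] args) throws Exception {
        AnnotationAuthorizer authorizer = new AnnotationAuthorizer(Set.of("DATA:READ:Accounts"));
        Account account = new Account();
        System.out.println("getOwner: " + authorizer.authorize(Account.class.getMethod("getOwner"), account));
        System.out.println("close:    " + authorizer.authorize(Account.class.getMethod("close"), account));
    }
}
```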

Errata

None so far.