...
Authors: Juan José Ramos
Status: Draft | Discussion Discussion | Development | Active | Dropped | Superseded
...
- Easy to implement.
- No extra configuration or changes needed.
- Addition of new resource permission DATA:QUERY:RegionName.
- Confusing. Multiple roles are required for “the same” OQL execution operation.
Prior Art
There are some existing frameworks/solutions that might accomplish the same as this proposal. However, we believe that those solutions are inferior for the reasons below.
Spring Method Security & Shiro Annotation-based Authorization
Both Spring Method Security and Shiro Annotation-based Authorization allow the user to annotate the classes in order to explicitly configure which roles/permissions are required to execute the relevant method, similar to what this proposal tries to accomplish through the discarded AnnotationBasedMethodAuthorizer. Annotations are really popular within the Java world and these approaches are extremely powerful and configurable.
The primary problem with these solutions is that they force the user to modify the domain model and add unnecessary coupling. With this proposal, however, the user can still use these frameworks by providing their own authorizer implementation that checks the annotation in order to allow or deny the method execution.
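One way to write the kind of authorizer the paragraph above describes, as an added example that is not part of the proposal or of Geode's code: a method is allowed only when its declaration on the runtime class carries an annotation naming a permission the caller holds. The `MethodAuthorizer` interface, the `@OqlAllowed` annotation, the domain classes and the permission string are hypothetical stand-ins.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.Set;

public class AnnotationAuthorizerExample {
  // Hypothetical marker; a real deployment could read Spring or Shiro annotations instead.
  @Retention(RetentionPolicy.RUNTIME)
  @Target(ElementType.METHOD)
  @interface OqlAllowed { String permission(); }

  // Hypothetical stand-in for the pluggable authorizer contract the proposal describes.
  interface MethodAuthorizer { boolean authorize(Method method, Object target); }

  static class AnnotationAuthorizer implements MethodAuthorizer {
    private final Set<String> granted; // permissions held by the caller (constructed)
    AnnotationAuthorizer(Set<String> granted) { this.granted = granted; }

    @Override
    public boolean authorize(Method method, Object target) {
      if (method == null || target == null) return false;
      // Method annotations are not inherited: resolve against the runtime class so an
      // override without the annotation is not authorized through its parent's declaration.
      Method actual;
      try {
        actual = target.getClass().getMethod(method.getName(), method.getParameterTypes());
      } catch (NoSuchMethodException e) {
        return false;
      }
      OqlAllowed a = actual.getAnnotation(OqlAllowed.class);
      return a != null && granted.contains(a.permission()); // deny by default
    }
  }

  // Constructed domain classes.
  public static class Trade {
    @OqlAllowed(permission = "DATA:READ:trades")
    public String getId() { return "T-1"; }
    public void cancel() { } // no annotation: never callable from a query
  }
  public static class AuditedTrade extends Trade {
    @Override public String getId() { return "audited"; } // override drops the annotation
  }

  public static void main(String[] args) throws Exception {
    MethodAuthorizer auth = new AnnotationAuthorizer(Set.of("DATA:READ:trades"));
    Method getId = Trade.class.getMethod("getId");
    System.out.println("annotated getter:     " + auth.authorize(getId, new Trade()));
    System.out.println("unannotated method:   " + auth.authorize(Trade.class.getMethod("cancel"), new Trade()));
    System.out.println("unannotated override: " + auth.authorize(getId, new AuditedTrade()));
  }
}
```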
Errata
None so far.