Acegi's permission control, master the peer, but instance level permission control is still not configured. After seeing some information, ACEGI uses ACL to control instance-level access, but still unavailable in the DAO level invasion. And I think that the database is not easy to maintain the ACL for a database of data. Permission control information can be placed in the database, but these control information is definitely based on certain rules. Where should this rule? There is no source code for the Contact class, there is no way to analyze.
Now there is an idea, I don't know if I can implement instance level authority control by using the Java rule engine. I still don't think about how to avoid invasivity, but you should implement configurable that instance-level authority control.
========================================
The permissions control of fine particles are really a very headache. ACEGI can provide very good coarse granular permission control capabilities. Acegi also provides the ability to control the domain objects on instance levels, but it is very troublesome, and it is impossible to avoid invasive problems, and maintain additional tables. In addition, it cannot provide access to URL, and the page elements displays permission control over this fine grain level level. Now consider whether it does not use Acegi to control fine-grained permissions. Simple alternative is to write directly in business logic, but do not meet the target of business logic and authority control logic to the logic of the right to pursue. Now I want to use the rules engine to solve this problem, and the rule engine is equivalent, which is convenient to modify. Of course, the direct use rule engine can extract fine granular permissions rules into the configuration file, but cannot avoid intrusion. I don't know if I can resolve the invasive problem with AOP.
