Ok, so I want to make one more change prior to first release.
So, we have this notion so far of AuthorizationContext.hasPermission and other similar methods.
In talking with some other developers, maybe some with lesser experience in the Java security world, they were confused about what this meant exactly.
- Did it mean that the subject actually _had_ that exact permission (exact being exact same class, target, and actions i.e. equals()), or did it mean something else?
Currently what it really means is that any of the subject's Groups and/or Roles had permissions which implied the permission argument - its not a HAS A relationship in the formal sense.
So, what I'd like to do, is rename that and other similar methods to implies(), just like the signature that exists on the Permission interface. To me (and to the other developers), this makes much more sense, since it doesn't foster thoughts of concrete OO relationships, which is not what permissioning is all about.
This will require some changes in my current projects, but they will be minimal at best (we don't call the API directly - mostly just use annotations and JSP taglibs). I really want to do this to squash further confusion that will certainly arise after the first week.
Any objections?
Les
--
View this message in context: http://www.nabble.com/hasPermission-implies-t1016271c13668.html#a2635989
Sent from the Developer forum at Nabble.com.
|
