[JSecurity-Developer] Re: HasPermission default target and actions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I think my concern comes from using Permission classes without 2 arg constructors.  As a framework, I think we should support their use if developers want to use them.

For example, this example method would not work as things stand now:

@HasPermission(type=com.company.pkg.MyPermission.class, target="someName")
public void foo();

if the MyPermission class only had a default no-arg or single arg constructor.  JSecurity would try to look up a two-arg constructor because of the '*' argument sent implicitly as the default.

Here's an interesting note though - 

A _lot_ of JDK Permission implementations have a 2 arg constructor, but usually ignore the 2nd argument entirely, just to maintain constructor parallelism with the BasicPermission class from which they extend.  This is yet another example of the poor design decisions made in JAAS.

Anyway, these dummy constructors are convenient for us, but requires custom Permission implementers who use JSecurity to make sure they do the same thing - pretty inconvenient for them and propagates the poor design.  Do we want to force them to do this?

--
Sent from the Developer forum at Nabble.com:
http://www.nabble.com/HasPermission-default-target-and-actions-t826978c13668.html#a2147416