Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Allows access to the business method invocation arguments in the bound security interceptor method.
@SecurityBindingType public @interface ProjectAdmin { // empty } @SecurityParameterBinding public @interface ProjectBinding { // empty } @ProjectAdmin public void updateName(@ProjectBinding Project p, String name) { // save project name } @Secures @ProjectAdmin public boolean isProjectAdmin(@ProjectBinding Project p, Identity identity) { if(identity.hasRole("project" + p.getId() + "_admin") { ... } }
Note that the @Project annotation is not a CDI bean Qualifier / Stereotype annotation, it is a method parameter security binding annotation that tells Security to use the value of the Project passed to the method call in the security binding check itself.
Attachments
Issue Links
- incorporates
-
DELTASPIKE-143 documentation for SecurityParameterBinding
- Closed
- is related to
-
DELTASPIKE-69 @SecurityBindingType
- Closed