posted 10 years ago
Hello guys,
I am new for SpEL. Even though I am new for it, I want to use it to implement attribute-based access control by using ACL and SpEL. But I failed to go further because of my SpEL limitation. I hope you can help me a little bit how to handle the following problem.
Consider the following expressions to secure the method 'edit'.
Here, what I want to do is securing the method 'edit' by using the two SpELs. the first expression, that is, hasPermission(#data, 'WRITE' works fine, because I am using ACL defined in XML file. But for the 2nd expression I am using database that stores user details of the class 'User'. Assume that I have member variable 'name' for the 'User' class and its corresponding getter and setter methods. I can retrieve values for the 'name' variable from DB. But I couldn't able to pass those values in the SpEL expression above, or is the problem arise from the way that I used to compare the two values?. I am not using XML definition for the 2nd expression, I have XML only for for the first expression, that is for the ACL.
Can you provide me some information please? Thanks in advance for your cooperation!