I'm working with Spring-Security and I need to implement my own PermissionEvaluator (following the answer to my other question.
However looking at the standard implementation AclPermissionEvaluator
here I notice, that the DAO is set via the constructor.
If I declare my custom PermissionEvaluator like this:
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled">
<expression-handler ref="expressionHandler"/>
</global-method-security>
<beans:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<beans:property name="permissionEvaluator">
<beans:bean id="permissionEvaluator" class="com.npacemo.permissions.SomePermissionsEvaluator"/>
</beans:property>
</beans:bean>
where do I get my DAO into the Evaluator so that I can access data? Can I inject it, meaning is the PermissionEvaluator Spring managed? Or how do I get my dataProvider into the Evaluator?
Just figured it out: The PermissionEvaluator is Spring managed, so
will work just fine.
edit: For our project we'll implement our own PermissionResolver probably extending the standard Implementation:
and injecting a custom ACLService (following this tutorial)
where we retrieve ACL information from our custom database structure.
To wire it all we'll follow the spring-security contacts example:
where aclService has to be declared thus: