I am currently implementing a level of security in our web application using Spring Security and, more precisely, hasPermission(), implementing our own PermissionEvaluator.
I am wondering if there are any naming conventions / libraries for representing permissions on model objects, actions, etc.
The signature of the method is hasPermission(Object param, Object permission), which leaves things pretty open. Most people seem to use a string as the second argument and an object or object array for the first argument, so they have something like hasPermission(#object, 'edit').
- Is there a standard list of permissions or conventions? (view, edit, change, create, add, delete, delete, print, list ...)
- Is it better to use strings, numbers or enumerations for resolution?
- Is there an agreement for naming actions (addPersonToProject, personToProjectAdd ...)?
- Could you share some implementation information that you use for such roles and permissions?
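An added example, not part of the original question and not Spring Security's own code: one way to keep the `hasPermission(#object, 'edit')` string form in expressions while resolving it to an enum inside a custom `PermissionEvaluator` that denies anything it does not recognise. The `Permission` enum, the class name and the `<TYPE>_<PERMISSION>` authority naming are assumptions made for illustration.

```java
import java.io.Serializable;
import java.util.Locale;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;

// Hypothetical names throughout: Permission, EnumPermissionEvaluator and the
// "<TYPE>_<PERMISSION>" authority convention are assumptions for illustration.
enum Permission {
    VIEW, EDIT, CREATE, DELETE;

    // Returns null for anything that is not exactly one known permission name.
    static Permission parse(Object raw) {
        if (raw instanceof Permission) return (Permission) raw;
        if (!(raw instanceof String)) return null;
        try {
            return valueOf(((String) raw).trim().toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException unknown) {
            return null;
        }
    }
}

public class EnumPermissionEvaluator implements PermissionEvaluator {

    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        if (target == null) return false;
        return check(auth, target.getClass().getSimpleName(), permission);
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable targetId,
                                 String targetType, Object permission) {
        return check(auth, targetType, permission);
    }

    // Fail closed: unauthenticated callers, unknown types and misspelled
    // permission strings are all denied instead of throwing or allowing.
    private boolean check(Authentication auth, String type, Object permission) {
        Permission p = Permission.parse(permission);
        if (auth == null || !auth.isAuthenticated() || type == null || p == null) {
            return false;
        }
        String required = type.toUpperCase(Locale.ROOT) + "_" + p.name();
        return auth.getAuthorities().stream()
                   .anyMatch(a -> required.equals(a.getAuthority()));
    }
}
```

This checks a type-level authority only; a per-instance rule (for example, ownership of the object) would need an additional check on the target inside `check`. Proxied entities may report a generated class name from `getSimpleName()`, in which case they are denied here.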