implement acl on field in spring security

I would like implement spring acl for my object fields.

does anyone has an idea what do i have to implment for it?

for example, i have Purc开发者_C百科hase object.

i would like admin_role to have read on all the fields, and secretary_role to have read only on username and address field

---

Can you clarify at what point you need the security?

If this is part of a webapp, I frequently use stripes security interceptors in combination with spring to control access to what the user sees based on role.

If it's not part of a webapp and you're looking to control what a user can change there's a number of methods available from custom annotations to database control. I've found the project itself usually dictates which path I should follow.

---

extend org.springframework.security.acls.domain.BasePermission and introduce your own Permission flag (up to 32 bits are supported)