  • Spring Security ACLs with ROO

    Hello,

    I am wondering what would be an easy way to integrate Spring Security ACLs with a Roo-based application. One could implement a UserDetails service mapped onto entities generated by Roo, but ACL is ORM-independent (or should I say locked out of the ORM, as the ORM feels free to me).

    There is a schema given in Appendix A of the Spring Security 3.x documentation, and it leads me to believe that it is not easy (perhaps impossible) to generate that schema from Roo/Hibernate schema generation (even with JPA annotations).

    For starters I am just looking into a no-pain CRUD with Users, Organizations (or Groups) and ACLs.

  • #2
    I'm using Hibernate in my Roo web app, too. Because the DDLs given in Appendix A of the Spring Security 3.x documentation vary for different databases (e.g. HSQL and PostgreSQL), I wanted Hibernate to create the DDLs according to the database set by hibernate.dialect.

    Therefore I created some Roo entity classes (which I never use in my application code) for letting Hibernate create the ACL tables. The DDLs created by Hibernate match the DDLs given in Appendix A of the Spring Security 3.x documentation.

    I'm not sure if this is a well-designed solution, but it works.

    Here are my Java classes:

    AclClass.java
    Code:
    package de.oponion.domain.security; // package taken from the imports in AclObjectIdentity below

    import javax.persistence.Column;
    import javax.persistence.Entity;
    import javax.persistence.Table;

    import org.springframework.roo.addon.entity.RooEntity;
    import org.springframework.roo.addon.javabean.RooJavaBean;
    import org.springframework.roo.addon.tostring.RooToString;

    // Maps the acl_class table of Appendix A. Roo's ITD contributes the
    // identity "id" column; versionField = "" suppresses the version column,
    // which the ACL schema does not have.
    @Entity
    @RooJavaBean
    @RooToString
    @RooEntity(versionField = "")
    @Table(name = "acl_class")
    public class AclClass {

        // The schema names this column "class"; the field is called clazz
        // because "class" is a Java keyword.
        @Column(name = "class", nullable = false, unique = true)
        private String clazz;
    }
    AclEntry.java
    Code:
    package de.oponion.domain.security;

    import javax.persistence.Entity;
    import javax.persistence.JoinColumn;
    import javax.persistence.ManyToOne;
    import javax.persistence.Table;
    import javax.persistence.UniqueConstraint;
    import javax.validation.constraints.NotNull;

    import org.springframework.roo.addon.entity.RooEntity;
    import org.springframework.roo.addon.javabean.RooJavaBean;
    import org.springframework.roo.addon.tostring.RooToString;

    // Maps the acl_entry table of Appendix A: one access control entry per row,
    // ordered by ace_order within its acl_object_identity.
    @Entity
    @RooJavaBean
    @RooToString
    @RooEntity(versionField = "")
    @Table(name = "acl_entry", uniqueConstraints = { @UniqueConstraint(columnNames = {
            "acl_object_identity", "ace_order" }) })
    public class AclEntry {

        // The join column names are pinned to the Appendix A names, which the
        // JDBC ACL lookup SQL expects; without an explicit name Hibernate's
        // default naming would append "_id" (e.g. acl_object_identity_id).
        @NotNull
        @ManyToOne(targetEntity = AclObjectIdentity.class)
        @JoinColumn(name = "acl_object_identity")
        private AclObjectIdentity acl_object_identity;

        @NotNull
        private Integer ace_order;

        @NotNull
        @ManyToOne(targetEntity = AclSid.class)
        @JoinColumn(name = "sid")
        private AclSid sid;

        // Permission bit mask (see BasePermission)
        @NotNull
        private Integer mask;

        // Primitive booleans map to NOT NULL columns on their own; @NotNull is
        // kept for symmetry with the schema.
        @NotNull
        private boolean granting;

        @NotNull
        private boolean audit_success;

        @NotNull
        private boolean audit_failure;
    }
    AclObjectIdentity.java
    Code:
    package de.oponion.domain.security;

    import javax.persistence.Entity;
    import javax.persistence.JoinColumn;
    import javax.persistence.ManyToOne;
    import javax.persistence.Table;
    import javax.persistence.UniqueConstraint;
    import javax.validation.constraints.NotNull;

    import org.springframework.roo.addon.entity.RooEntity;
    import org.springframework.roo.addon.javabean.RooJavaBean;
    import org.springframework.roo.addon.tostring.RooToString;

    // Maps the acl_object_identity table of Appendix A: one row per secured
    // domain object, identified by its class (acl_class) and its identifier.
    @Entity
    @RooJavaBean
    @RooToString
    @RooEntity(versionField = "")
    @Table(name = "acl_object_identity", uniqueConstraints = { @UniqueConstraint(columnNames = {
            "object_id_class", "object_id_identity" }) })
    public class AclObjectIdentity {

        // Join column names pinned to the Appendix A names expected by the
        // JDBC ACL lookup SQL (Hibernate would otherwise append "_id").
        @NotNull
        @ManyToOne(targetEntity = AclClass.class)
        @JoinColumn(name = "object_id_class")
        private AclClass object_id_class;

        @NotNull
        private Long object_id_identity;

        // Self-reference: the parent ACL whose entries may be inherited
        @ManyToOne(targetEntity = AclObjectIdentity.class)
        @JoinColumn(name = "parent_object")
        private AclObjectIdentity parent_object;

        @NotNull
        @ManyToOne(targetEntity = AclSid.class)
        @JoinColumn(name = "owner_sid")
        private AclSid owner_sid;

        @NotNull
        private boolean entries_inheriting;
    }
    AclSid.java
    Code:
    package de.oponion.domain.security;

    import javax.persistence.Entity;
    import javax.persistence.Table;
    import javax.persistence.UniqueConstraint;
    import javax.validation.constraints.NotNull;

    import org.springframework.roo.addon.entity.RooEntity;
    import org.springframework.roo.addon.javabean.RooJavaBean;
    import org.springframework.roo.addon.tostring.RooToString;

    // Maps the acl_sid table of Appendix A: a security identity, either a
    // principal (username, principal = true) or a granted authority.
    @Entity
    @RooJavaBean
    @RooToString
    @RooEntity(versionField = "")
    @Table(name = "acl_sid", uniqueConstraints = { @UniqueConstraint(columnNames = {
            "sid", "principal" }) })
    public class AclSid {

        @NotNull
        private boolean principal;

        @NotNull
        private String sid;

    }

    • #3
      @mikrobi

      I didn't get the time to investigate your solution until this weekend.
      The problem I see is that it does not generate the exact SQL as prescribed by the schema. I think following the SQL to the letter may not be necessary, but to be on the safe side I am using import.sql of hbm2ddl to populate the DB.

      • #4
        Hmm, what database are you using? Which parts differ from the DDL provided by the doc?

        I'm using HSQL and the tables created by Hibernate are the same as prescribed by the schema. (And ACL is working fine, too.)

        If you are using import.sql of hbm2ddl you're using native SQL, which may depend on your database...
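        The quickest way to settle the "does the generated schema match" question is to drive Spring Security's own JDBC ACL service against the tables. The following is an added example, not code from this thread or from any poster: it wires JdbcMutableAclService (Spring Security 3.x API) to an existing DataSource, grants READ on one domain object to a user, and checks the grant, which exercises every ACL table and the foreign-key column names the lookup SQL expects. It assumes a DataSource bean, HSQL (the service's default identity queries target HSQL), and a domain type named de.oponion.domain.Organization that exists only for this example; the no-op AclCache is also just for the example.

```java
package de.oponion.security; // hypothetical package for this example

import java.io.Serializable;
import java.util.Arrays;
import java.util.List;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.jdbc.BasicLookupStrategy;
import org.springframework.security.acls.jdbc.JdbcMutableAclService;
import org.springframework.security.acls.model.AclCache;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

@Configuration
public class AclConfig {

    // Hypothetical domain type; the string form of ObjectIdentityImpl avoids
    // needing the class on the classpath for this example.
    static final String ORG_TYPE = "de.oponion.domain.Organization";

    @Autowired
    private DataSource dataSource; // assumed: the Roo-configured DataSource bean

    // Cache that never caches, so the example has no EhCache dependency.
    // Use EhCacheBasedAclCache in a real deployment; the lookup query is costly.
    static class NoAclCache implements AclCache {
        public void evictFromCache(Serializable pk) {}
        public void evictFromCache(ObjectIdentity objectIdentity) {}
        public MutableAcl getFromCache(ObjectIdentity objectIdentity) { return null; }
        public MutableAcl getFromCache(Serializable pk) { return null; }
        public void putInCache(MutableAcl acl) {}
        public void clearCache() {}
    }

    @Bean
    public MutableAclService aclService() {
        AclCache cache = new NoAclCache();
        // Only ROLE_ADMIN (besides the ACL owner) may change ownership, auditing or entries.
        GrantedAuthority admin = AuthorityUtils.createAuthorityList("ROLE_ADMIN").get(0);
        BasicLookupStrategy lookup = new BasicLookupStrategy(dataSource, cache,
                new AclAuthorizationStrategyImpl(admin), new ConsoleAuditLogger());
        // The default "last inserted id" queries are HSQL-specific; on other
        // databases call setClassIdentityQuery(...) and setSidIdentityQuery(...).
        return new JdbcMutableAclService(dataSource, lookup, cache);
    }

    // Grants READ on the organization to the user, creating the ACL on first use.
    // createAcl and insertAce check the current Authentication, so the caller
    // must be authenticated as the ACL owner or as ROLE_ADMIN (see smokeTest).
    public static void grantRead(MutableAclService aclService, Long organizationId, String username) {
        ObjectIdentity oid = new ObjectIdentityImpl(ORG_TYPE, organizationId);
        MutableAcl acl;
        try {
            acl = (MutableAcl) aclService.readAclById(oid);
        } catch (NotFoundException e) {
            acl = aclService.createAcl(oid); // inserts into acl_class and acl_object_identity
        }
        acl.insertAce(acl.getEntries().size(), BasePermission.READ, new PrincipalSid(username), true);
        aclService.updateAcl(acl);           // writes the acl_entry row
    }

    // True if the user holds READ on the organization; false when no ACL or no ACE applies.
    public static boolean canRead(MutableAclService aclService, Long organizationId, String username) {
        ObjectIdentity oid = new ObjectIdentityImpl(ORG_TYPE, organizationId);
        List<Permission> wanted = Arrays.<Permission>asList(BasePermission.READ);
        List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid(username));
        try {
            return aclService.readAclById(oid, sids).isGranted(wanted, sids, false);
        } catch (NotFoundException e) {
            return false;
        }
    }

    // Run once as an administrator against the freshly generated schema.
    // Returns true only if the grant is stored and read back through all four tables.
    public static boolean smokeTest(MutableAclService aclService) {
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken("admin", "n/a",
                        AuthorityUtils.createAuthorityList("ROLE_ADMIN")));
        grantRead(aclService, 1L, "alice");
        return canRead(aclService, 1L, "alice") && !canRead(aclService, 1L, "bob");
    }
}
```

        If smokeTest returns false or the lookup fails with an SQL error, the generated schema differs from what BasicLookupStrategy's SQL expects (typically a foreign-key column that Hibernate named with an "_id" suffix). The identity queries are the one place where the service itself is database-specific, which is the same portability point raised above about import.sql.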
