
  • mutableAclService is doing nothing on createAcl

    Hi there.. I'm trying to include the ACL implementation of Spring Security 3..

    So far I'm having a pretty hard time because it fails at even the simplest stuff like ACL inserts.

    I really need help here.. it's my exam work and I'm so very stuck

    thanks in advance!

    I created a wrapper service, to call the mutableAclService methods. It looks like this:

    Code:
    @Override
    	@Transactional(propagation=Propagation.REQUIRED)
    	public void setAccess(AbstractBusinessObject target, AbstractSecurityObject securityObj, Permission permission) {
    		
    		if(target == null || securityObj == null || permission == null) {
    			throw new ReportItGenericException("Neither target, securityObj or permission may be null here!");
    		}
    
    // row 114 just below this one
    		MutableAcl targetAcl = mutableAclService.createAcl(new ObjectIdentityImpl(target));
    
    
    		
    		if(securityObj.getId() == null) {
    			throw new RuntimeException("Id of the object cannot be null here!");
    		}
    		
    		String sidString = securityObj.getName();
    		Sid sid = new PrincipalSid(sidString);
    		
    		targetAcl.setOwner(sid);
    		targetAcl.insertAce(0, permission, sid, true);
    		
    		mutableAclService.updateAcl(targetAcl);		
    		
    	}
    That's the exception thrown

    Code:
    org.springframework.security.acls.model.NotFoundException: Unable to find ACL information for object identity 'org.springframework.security.acls.domain.ObjectIdentityImpl[Type: ch.sisa.reportit.business.datasources.DataSourceDefinition; Identifier: 753666]'
    	at org.springframework.security.acls.jdbc.JdbcAclService.readAclsById(JdbcAclService.java:114)
    	at org.springframework.security.acls.jdbc.JdbcAclService.readAclById(JdbcAclService.java:94)
    	at org.springframework.security.acls.jdbc.JdbcAclService.readAclById(JdbcAclService.java:101)
    	at org.springframework.security.acls.jdbc.JdbcMutableAclService.createAcl(JdbcMutableAclService.java:110)
    	at 
    
    // see code above for position
    ch.sisa.reportit.business.security.acl.ReportitAclService.setAccess(ReportitAclService.java:114)
    	at ch.sisa.reportit.business.security.acl.ReportitAclService.setAccess(ReportitAclService.java:103)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    	at java.lang.reflect.Method.invoke(Method.java:597)
    	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
    	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
    	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
    	at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
    	at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
    	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
    	at $Proxy65.setAccess(Unknown Source)
    	at ch.sisa.reportit.web.controller.impl.security.acl.AuthorityController.saveAclEntry(AuthorityController.java:143)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    	at java.lang.reflect.Method.invoke(Method.java:597)
    	at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:175)
    	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:421)
    	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:409)
    	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:774)
    	... 51 more

    Here's the security XML:

    HTML Code:
    <security:global-method-security pre-post-annotations="enabled" secured-annotations="enabled" access-decision-manager-ref="aclDecisionManager"/>
    
    	<bean class="ch.sisa.reportit.business.security.acl.ReportitDecisionManager" id="aclDecisionManager">
    		<property name="decisionVoters">
    			<list>
    				<ref bean="businessAdminVoter"/>
    				<ref bean="businessWriteVoter"/>
    				<ref bean="businessReadVoter"/>
    				<ref bean="businessDenyVoter"/>
    			</list>
    		</property>
    	</bean>
    		
    	<bean class="ch.sisa.reportit.business.security.acl.ReportitAclVoter" id="businessAdminVoter">
    		<constructor-arg ref="aclService"/>
    		<constructor-arg value="VOTE_ADMIN"/>
    		<constructor-arg>
    			<array>
    				<util:constant static-field="ch.sisa.reportit.business.security.acl.ReportitPermission.ADMINISTRATION"/>
    			</array>
    		</constructor-arg>
    		<property name="processDomainObjectClass" value="ch.sisa.reportit.business.IBusinessObject"/>
    	</bean>
    	
    	<bean class="ch.sisa.reportit.business.security.acl.ReportitAclVoter" id="businessWriteVoter">
    		<constructor-arg ref="aclService"/>
    		<constructor-arg value="VOTE_WRITE"/>
    		<constructor-arg>
    			<array>
    				<util:constant static-field="ch.sisa.reportit.business.security.acl.ReportitPermission.WRITE"/>
    			</array>
    		</constructor-arg>
    		<property name="processDomainObjectClass" value="ch.sisa.reportit.business.IBusinessObject"/>
    	</bean>
    	
    	<bean class="ch.sisa.reportit.business.security.acl.ReportitAclVoter" id="businessReadVoter">
    		<constructor-arg ref="aclService"/>
    		<constructor-arg value="VOTE_READ"/>
    		<constructor-arg>
    			<array>
    				<util:constant static-field="ch.sisa.reportit.business.security.acl.ReportitPermission.READ"/>
    			</array>
    		</constructor-arg>
    		<property name="processDomainObjectClass" value="ch.sisa.reportit.business.IBusinessObject"/>
    	</bean>
    	
    	<bean class="ch.sisa.reportit.business.security.acl.ReportitAclVoter" id="businessDenyVoter">
    		<constructor-arg ref="aclService"/>
    		<constructor-arg value="VOTE_NO_ACCESS"/>
    		<constructor-arg>
    			<array>
    				<util:constant static-field="ch.sisa.reportit.business.security.acl.ReportitPermission.NO_ACCESS"/>
    			</array>
    		</constructor-arg>
    		<property name="processDomainObjectClass" value="ch.sisa.reportit.business.IBusinessObject"/>
    	</bean>
    	
    	<bean class="ch.sisa.reportit.business.security.acl.ReportitJdbcMutableAclService" id="aclService">
    		<constructor-arg ref="reportit-core-ds"/>
    		<constructor-arg ref="lookupStrategy"/>
    		<constructor-arg ref="ehCacheAclCache"/>
    		<property name="classIdentityQuery" value="SELECT @@IDENTITY"/>
    		<property name="sidIdentityQuery" value="SELECT @@IDENTITY"/>
    	</bean>
    	
    	<bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
            <constructor-arg ref="reportit-core-ds"/>
            <constructor-arg ref="aclCache"/>
            <constructor-arg ref="aclAuthorizationStrategy"/>
            <constructor-arg ref="aclAuditLogger"/>   
            <property name="permissionFactory" ref="reportitPermissionFactory"/>
        </bean> 
        
        <bean class="ch.sisa.reportit.business.security.acl.ReportitAclPermissionFactory" id="reportitPermissionFactory"></bean>
        
    	<bean id="aclAuditLogger" class="org.springframework.security.acls.domain.ConsoleAuditLogger" />
    	
    	<bean id="aclAuthorizationStrategy" class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
    		<constructor-arg>
    			<array>
    				<ref local="aclAdminAuthority"/>
    				<ref local="aclAdminAuthority"/>
    				<ref local="aclAdminAuthority"/>
    			</array>
    		</constructor-arg>
    	</bean>
    	
    	<bean id="aclAdminAuthority" class="org.springframework.security.core.authority.GrantedAuthorityImpl">
    		<constructor-arg value="ROLE_ADMIN"/>
    	</bean>
    	
    	<bean class="org.springframework.security.acls.domain.EhCacheBasedAclCache" id="ehCacheAclCache">
    		<constructor-arg ref="ehCacheFactoryBean"/>
    	</bean>
    	
    	<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean" id="ehCacheFactoryBean">
    		<property name="cacheManager" ref="ehCacheManagerBean"/>
    	</bean>	
    	
    	<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" id="ehCacheManagerFactoryBean"/>


    edit: added exception
    Last edited by ms-sisa; Apr 19th, 2011, 10:26 AM.

  • #2
    At that point in MutableAclService.createAcl, it should have written the acl_object_identity row:

    Code:
           // Create the acl_object_identity row
           createObjectIdentity(objectIdentity, sid);
    Have you checked the database to see what it wrote? Are you sure that your readAclById actually works with your domain objects (i.e. do you have unit tests)? Since ACLs require a lot of domain-specific configuration to get right, it'll be hard for us to help you with a lot of diagnosis without access to your database or domain objects.



    • #3
      Thanks for the reply pmularien

      I don't think it writes anything at all... When I check the database afterwards, nothing is written at all, I don't know if it's because of the transaction, gonna test this today.

      I have some unit tests, but they fail exactly the way I described. I'm gonna post them and an example of one of the domain objects.

      By the way, I'd like to know how the hell you debug this ACL service? I saw the code and it does no logging at all, ever. I assume you need to reimplement the whole service to add debug code?

      Well.. new day new luck



      • #4
        All right.. here is a sample domain object that I'm actually using in my JUnits.

        Code:
        @Entity(name = "AbstractBusinessObject")
        @Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
        @PreSaveUniqueCheck({@UniqueAttributesSet({"name","root","businessObjectType"})}) //
        @DiscriminatorColumn(name = "businessObjectType", discriminatorType = DiscriminatorType.STRING)
        @Table(name="BusinessObject")
        public abstract class AbstractBusinessObject implements IBusinessObject {
        
        	private static final long serialVersionUID = 8455662377459640160L;
        	
        	public AbstractBusinessObject(BusinessObjectType businessObjectType) {
        		this.businessObjectType = businessObjectType;
        	}
        	
        	@Id
        	@GeneratedValue(strategy = GenerationType.TABLE)
        	private Long id = null;
        	
        	@Override
        	public Long getId() {
        		return this.id;
        	}
        	
        	@Version
        	private Integer lockversion = null;
        	
        	public Integer getLockversion() {
        		return lockversion; 
        	}
        	
        	@Length(min=1,max=256)
        	@Column(length = 256, nullable = false)
        	private String name = null;
        	
        	@Length(max=256)
        	@Column(length = 256)
        	private String description = null;
        	
        	@NotNull
        	@Column(length = 32,nullable=false)
        	@Enumerated(value = EnumType.STRING)
        	private BusinessObjectType businessObjectType = null;
        	
        	@Transient
        	private boolean dirty = false;
        
        	public String getName() {
        		return name;
        	}
        
        	public void setName(String name) {
        		this.name = name;
        	}
        
        	public String getDescription() {
        		return description;
        	}
        
        	public void setDescription(String description) {
        		this.description = description;
        	}
        
        	public BusinessObjectType getBusinessObjectType() {
        		return businessObjectType;
        	}
        
        	protected void setBusinessObjectType(BusinessObjectType businessObjectType) {
        		this.businessObjectType = businessObjectType;
        	}
        
        	@Override
        	public void initialize() {
        		
        	}
        
        	@Override
        	public void setDirty(boolean isDirty) {
        		this.dirty = isDirty;
        	}
        	
        	@Override
        	public boolean isDirty() {
        		return this.dirty;
        	}	
        	
        	@Override
        	public IBusinessObject getRootFromBase() {
        		try {
        			return (IBusinessObject)PropertyUtils.getSimpleProperty(this, "root");
        		} catch (Throwable t) {
        			throw new RuntimeException(t);
        		}
        	}
        	
        	@Override
        	public void setRootInBase(IBusinessObject root) {
        		try {
        			PropertyUtils.setSimpleProperty(this, "root", root);
        		} catch (Throwable t) {
        			throw new RuntimeException(t);
        		}
        	}
        }
        Code:
        @Configurable
        @Scope(value="prototype")
        @Component(AbstractSecurityObjectBeanNames.COMPONENT)
        @Entity(name=AbstractSecurityObjectBeanNames.ENTITY)
        @Table(name=AbstractSecurityObjectBeanNames.TABLE,uniqueConstraints = {@UniqueConstraint(columnNames={"name","rootId","businessObjectType"})})
        public abstract class AbstractSecurityObject extends AbstractBusinessObject {
        
        	private static final long serialVersionUID = 2750102860336765808L;
        
        	@OneToMany(mappedBy="root",fetch=FetchType.LAZY,cascade=CascadeType.ALL) //	
        	private Set<SecurityProperty> securityProperties = null;
        	
        	@NotNull
        	@ManyToOne(fetch = FetchType.LAZY,optional=false)
        	@JoinColumn(name = "rootId",nullable=false)
        	private SecurityFolder root = null;
        	
        	public abstract void removeRelatedSecurityObject(AbstractSecurityObject object);
        	
        	public abstract void addRelatedSecurityObject(AbstractSecurityObject object);
        	
        	public SecurityFolder getRoot() {
        		return root;
        	}
        
        	public void setRoot(SecurityFolder root) {
        		this.root = (SecurityFolder) root;
        	}
        	
        	protected AbstractSecurityObject(BusinessObjectType type) {
        		super(type);
        	}
        	
        	public void setSecurityProperties(Set<SecurityProperty> securityProperties) {
        		this.securityProperties = securityProperties;
        	}
        
        	public Set<SecurityProperty> getSecurityProperties() {
        		return securityProperties;
        	}
        }
        Code:
        @Configurable
        @Scope(value="prototype")
        @PreSaveUniqueCheck({@UniqueAttributesSet({"name"})})
        @Component(BusinessBeanNames.Configurables.UserBeanNames.COMPONENT)
        @Entity(name=BusinessBeanNames.Configurables.UserBeanNames.ENTITY)
        @Table(name=BusinessBeanNames.Configurables.UserBeanNames.TABLE,uniqueConstraints={@UniqueConstraint(columnNames={"name"})})
        public class User extends AbstractSecurityObject {
        
        	private static final long serialVersionUID = -6864436639724566696L;
        	
        	@Email
        	@Length(max=256)
        	@Column(length = 256)
        	private String email = null;
        
        	@Length(max=64)
        	@Column(length = 64)
        	private String firstname = null;
        
        	@Length(max=64)
        	@Column(length = 64)
        	private String lastname = null;
        
        	@NotBlank
        	@Length(min=4,max=32)
        	@Column(length = 32)
        	private String password = null;
        	
        	@NotBlank
        	@Length(min=2,max=2)
        	private String language = null;
        	
        	@ManyToMany(fetch = FetchType.LAZY) // cascade=CascadeType.MERGE, 
        	@JoinTable(name = "User_UserGroup", 
        			joinColumns = { @JoinColumn(name = "userId") }, 
        			inverseJoinColumns = { @JoinColumn(name = "userGroupId") })
        	private Set<UserGroup> userGroups = null;
        	
        
        	@Deprecated
        	protected User() {
        		super(BusinessObjectType.User);
        	}
        	
        	public Set<UserGroup> getUserGroups() {
        		return userGroups;
        	}
        
        	public void setUserGroups(Set<UserGroup> userGroups) {
        		this.userGroups = userGroups;
        	}  
        	
        	@Override
        	public void addRelatedSecurityObject(AbstractSecurityObject object) {
        		if(object != null && object instanceof UserGroup) {
        			UserGroup group = (UserGroup)object;
        			if(this.userGroups == null) {
        				this.userGroups = new ReportItObjectsSortedTreeSet<UserGroup>();
        			}
        			this.userGroups.add(group);
        			group.addRelatedSecurityObjectInternal(this);
        		}
        	}
        	
        	public void addRelatedSecurityObjectInternal(UserGroup group) {
        		if(this.userGroups == null) {
        			this.userGroups = new ReportItObjectsSortedTreeSet<UserGroup>();
        		}
        		this.userGroups.add(group);	
        	}
        	
        	@Override
        	public void removeRelatedSecurityObject(AbstractSecurityObject object) {
        		if(object instanceof UserGroup) {
        			UserGroup group = (UserGroup)object;
        			if(this.userGroups != null) {
        				this.userGroups.remove(group);
        			}
        		}		
        	}
        	
        	public Set<UserGroup> getRelatedUserGroups() {
        		
        		Set<UserGroup> sortedSet = new ReportItObjectsSortedTreeSet<UserGroup>();
        		
        		if(this.userGroups != null) {
        			for(UserGroup group : this.userGroups) {
        				sortedSet.add(group);
        			}
        		}
        		
        		return sortedSet;		
        	}
        
        	public boolean changePassword(String oldPassword, String newPassword) {
        
        		if(oldPassword != null && newPassword != null) {
        			// Only change the password when the caller supplies the current one
        			if (oldPassword.equals(this.password)) {
        				this.password = newPassword;
        				return true;
        			}
        		}
        		return false;
        	}
        
        	public String getPassword() {
        		return this.password;
        	}
        
        	public String getEmail() {
        		return email;
        	}
        
        	public void setEmail(String email) {
        		this.email = email;
        	}
        
        	public String getFirstname() {
        		return firstname;
        	}
        	
        	public void setFirstname(String firstname) {
        		this.firstname = firstname;
        	}
        
        	public String getLanguage() {
        		return language;
        	}
        
        	public void setLanguage(String language) {
        		this.language = language;
        	}
        
        	public void setPassword(String password) {	
        		this.password = password;
        	}
        
        	
        	public void setLastname(String lastname) {
        		this.lastname = lastname;
        	}
        
        	public String getLastname() {
        		return lastname;
        	}
        		
        	@Override
        	public void initialize() {
        	}
        	
        	@Override
        	public boolean equals(Object obj) {
        	    	
        	        if (this == obj) {
        	        	 return true;
        	        } else if (obj == null)  {      	
        	            return false;
        	        } else if (getClass() != obj.getClass()) {
        	            return false;
        	   		}
        	        
        	        User other = (User) obj;
        
        	        // Equal only if every compared field matches
        	        return Util.objectCompare(this.getName(),other.getName())
        	            && Util.objectCompare(this.getEmail(),other.getEmail())
        	            && Util.objectCompare(this.getDescription(),other.getDescription())
        	            && Util.objectCompare(this.getFirstname(),other.getFirstname())
        	            && Util.objectCompare(this.getLanguage(),other.getLanguage())
        	            && Util.objectCompare(this.getLastname(),other.getLastname())
        	            && Util.objectCompare(this.getPassword(),other.getPassword());
        	}
        	   
        	@Override
        	public String toString() {
        		return this.getName() + " - " + this.getFirstname() + " " + this.getLastname();
        	}
        	
        	public List<GrantedAuthority> getGrantedAuthorities() {		
        		return AuthorityUtils.createAuthorityList("ROLE_ADMIN","ROLE_USER");
        	}	
        }



        • #5
          Here are the unit tests.. However, to make this one run, you'd need a lot more of my code. Well.. maybe you spot something..

          Code:
          @TransactionConfiguration
          @RunWith(SpringJUnit4ClassRunner.class)
          @ContextConfiguration({"classpath:reportit-business.xml","classpath:reportit-core.xml","classpath:reportit-engine.xml","classpath:reportit-business-security.xml"}) // ""
          @Transactional(propagation=Propagation.SUPPORTS,value="transactionManager",rollbackFor=java.lang.Throwable.class)
          public class TestReportitACLService extends TestCase {
          
          	@Autowired
          	private IReportitAclService reportItACLService = null;
          	
          	@Autowired
          	private ISecurityService securityService = null;
          	
          	@Autowired
          	private IFolderService folderService = null;
          	
          	@Autowired
          	private IReportItBeanFactory beanFactory = null;
          	
          	@Autowired
          	PlatformTransactionManager transactionManager = null;
          	
          	private String testName = null;
          	
          	private static User securityObject = null;
          	
          	private static SecurityFolder securityFolder = null;
          	
          	@Test
          	public void aInitTest() throws UIPreparedException {
          		
          		reportItACLService.setCurrentlyUsedDatabase(DataBase.MSSql);
          		
          		reportItACLService.initializeData();	
          		
          		testName = "TEST_" + new Date() + "_"+Math.random();
          		
          		if(SecurityContextHolder.getContext() != null && SecurityContextHolder.getContext().getAuthentication() == null) {
          			
          			securityFolder = (SecurityFolder) beanFactory.getNewBeanInstance(SecurityFolder.class);
          			securityFolder.setName(testName);
          			securityFolder.setRoot(folderService.getRootFolder());
          			folderService.saveBeanObject(securityFolder);
          			
          			System.out.println("securityFolder saved! " + securityFolder);
          			
          			User user = (User)beanFactory.getNewBeanInstance(User.class);
          			user.setDescription("Created user for test purpose.. dont use this under any circumstance!");
          			user.setName(testName);
          			user.setPassword("test");
          			user.setRoot(securityFolder);
          			user.setLanguage("EN");
          			securityService.saveBeanObject(user);
          			
          			securityObject = user;
          			
          			Authentication auth = new UsernamePasswordAuthenticationToken(user.getName(), user.getPassword());
          			SecurityContextHolder.getContext().setAuthentication(auth);
          		}	
          				
          	}
          	 
          	@Test
          	public void testSetAccess() throws Throwable {	
          	
          		TransactionTemplate tt = new TransactionTemplate(transactionManager);
          		tt.setReadOnly(false);
          		
          		try {
          			reportItACLService.setAccess(securityObject, securityObject,ReportitPermission.READ);
          		} catch (UIPreparedException e) {
          			throw new RuntimeException(e);
          		}
          		
          		/*
          		//tt.setIsolationLevel(isolationLevel)
          		tt.execute(new TransactionCallbackWithoutResult() {
          			
          			@Override
          			protected void doInTransactionWithoutResult(TransactionStatus arg0) {
          				
          				System.out.println("in transaction..");
          				
          			
          			}
          		});*/
          		
          	} 
          	
          	@Test
          	public void zFinishTest() throws UIPreparedException {
          		securityService.deleteObject(securityObject);
          		folderService.deleteObject(securityFolder);				
          	}
          }
          Code:
          // On CLASS:
          @Scope(proxyMode=ScopedProxyMode.INTERFACES,value="singleton")
          @Transactional(propagation=Propagation.SUPPORTS,value="transactionManager",rollbackFor=java.lang.Throwable.class)
          public class ReportitAclService extends AbstractReportItService implements IReportitAclService {
          
          // ON METHOD:
          @Override
          public void setAccess(final AbstractBusinessObject target, final AbstractSecurityObject securityObj, final Permission permission) {
          This way, I get an entry into the ACL tables, but the ACL service still fails to retrieve. I get the following entries in the db:

          ACL_CLASS:
          id: 1 class: ch.sisa.reportit.business.security.User

          ACL_ENTRY:
          Nothing

          ACL_SID:
          id: 1 principal: True sid: TEST_Wed Apr 20 09:38:01 CEST 2011_0.7808281301603073

          ACL_OBJECT_IDENTITY:
          id: 1 owner_sid: 1 object_id_class: 1 parent_object: NULL object_id_identity: 3571713 entries_inheriting: True

          Comment
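One way to run the database check asked for in #2 against the rows listed in #5, as an added example that is not part of any post. It is T-SQL with the rows from #5 embedded; the column types and the acl_entry layout are assumed from the standard Spring Security ACL schema.

```sql
-- Added diagnostic example. Table and column names follow the rows quoted in
-- post #5; column types and the acl_entry columns are assumptions.
CREATE TABLE acl_sid (
    id        BIGINT       NOT NULL PRIMARY KEY,
    principal BIT          NOT NULL,
    sid       VARCHAR(100) NOT NULL
);
CREATE TABLE acl_class (
    id    BIGINT       NOT NULL PRIMARY KEY,
    class VARCHAR(100) NOT NULL
);
CREATE TABLE acl_object_identity (
    id                 BIGINT NOT NULL PRIMARY KEY,
    object_id_class    BIGINT NOT NULL REFERENCES acl_class (id),
    object_id_identity BIGINT NOT NULL,
    parent_object      BIGINT NULL,
    owner_sid          BIGINT NULL REFERENCES acl_sid (id),
    entries_inheriting BIT    NOT NULL
);
CREATE TABLE acl_entry (
    id                  BIGINT NOT NULL PRIMARY KEY,
    acl_object_identity BIGINT NOT NULL REFERENCES acl_object_identity (id),
    ace_order           INT    NOT NULL,
    sid                 BIGINT NOT NULL REFERENCES acl_sid (id),
    mask                INT    NOT NULL,
    granting            BIT    NOT NULL,
    audit_success       BIT    NOT NULL,
    audit_failure       BIT    NOT NULL
);

-- Rows as reported in post #5 (acl_entry stays empty).
INSERT INTO acl_sid (id, principal, sid)
VALUES (1, 1, 'TEST_Wed Apr 20 09:38:01 CEST 2011_0.7808281301603073');
INSERT INTO acl_class (id, class)
VALUES (1, 'ch.sisa.reportit.business.security.User');
INSERT INTO acl_object_identity
    (id, object_id_class, object_id_identity, parent_object, owner_sid, entries_inheriting)
VALUES (1, 1, 3571713, NULL, 1, 1);

-- The identity to look for: the "Type" and "Identifier" that the
-- NotFoundException message prints for the ObjectIdentityImpl.
DECLARE @class      VARCHAR(100) = 'ch.sisa.reportit.business.security.User';
DECLARE @identifier BIGINT       = 3571713;

-- 1. Exact match on (class, identifier), with owner and number of ACEs.
--    No row: the identity was never committed, or it is stored under another
--    class or identifier. A row with ace_count = 0: the identity exists but
--    no access control entry was persisted for it.
SELECT oi.id AS acl_id, c.class, oi.object_id_identity, s.sid AS owner,
       oi.entries_inheriting, COUNT(e.id) AS ace_count
FROM acl_object_identity oi
JOIN acl_class c      ON c.id = oi.object_id_class
LEFT JOIN acl_sid s   ON s.id = oi.owner_sid
LEFT JOIN acl_entry e ON e.acl_object_identity = oi.id
WHERE c.class = @class AND oi.object_id_identity = @identifier
GROUP BY oi.id, c.class, oi.object_id_identity, s.sid, oi.entries_inheriting;

-- 2. Same identifier stored under a different class name. Any row here means
--    the write and the read disagree on the object's type.
SELECT c.class, oi.id AS acl_id
FROM acl_object_identity oi
JOIN acl_class c ON c.id = oi.object_id_class
WHERE oi.object_id_identity = @identifier AND c.class <> @class;

-- 3. Every identity that has no ACE at all: objects for which no permission
--    can be granted from their own ACL.
SELECT oi.id AS acl_id, c.class, oi.object_id_identity
FROM acl_object_identity oi
JOIN acl_class c ON c.id = oi.object_id_class
WHERE NOT EXISTS (SELECT 1 FROM acl_entry e WHERE e.acl_object_identity = oi.id);
```

Against a real database, skip the CREATE and INSERT statements and set @class and @identifier to the values printed in the exception.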


          • #6
            This worked for me as a test; you must change the actual id of the ObjectIdentityImpl

            Code:
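            import javax.inject.Inject;

            import org.springframework.security.acls.domain.BasePermission;
            import org.springframework.security.acls.domain.ObjectIdentityImpl;
            import org.springframework.security.acls.domain.PrincipalSid;
            import org.springframework.security.acls.model.MutableAcl;
            import org.springframework.security.acls.model.MutableAclService;
            import org.springframework.security.acls.model.NotFoundException;
            import org.springframework.security.acls.model.ObjectIdentity;
            import org.springframework.security.acls.model.Permission;
            import org.springframework.security.acls.model.Sid;
            import org.springframework.transaction.annotation.Transactional;

            @Transactional
            public class AclManagerImpl implements AclManager {
            	
            	@Inject
            	MutableAclService aclService;
            	
            	public void grant(Class<?> target,String username){
            		// 44 is a test id; use the real id of the domain object
            		ObjectIdentity oi = new ObjectIdentityImpl(target, Long.valueOf(44L));
            		Sid sid = new PrincipalSid(username);
            		Permission p = BasePermission.WRITE;
            		// Create or update the relevant ACL
            		MutableAcl acl = null;
            		try {
            			acl = (MutableAcl) aclService.readAclById(oi);
            		} catch (NotFoundException nfe) {
            			acl = aclService.createAcl(oi);
            		}
            		// Now grant some permissions via an access control entry (ACE)
            		acl.insertAce(acl.getEntries().size(), p, sid, true);
            		aclService.updateAcl(acl);
            	}
            }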
