Spring ACL with combined handling of GrantedAuthority and Principal in acl_sid table

  • Spring ACL with combined handling of GrantedAuthority and Principal in acl_sid table

    Can we do both Principal as well as GrantedAuthority in acl_sid and give permissions for an object in Spring ACL security?

  • #2
    I got an answer from Stack Overflow; here are the details:

    Yes, we can do that. The ACL_SID table can take SIDs that are either roles or users.

    Here is a sample insert when it is a role:

    insert into acl_sid (principal, sid) values (false, 'ROLE_ADMIN');

    If it is a user principal then the insert will be:

    insert into acl_sid (principal, sid) values (true, 'bob');

    You can also do runtime manipulation of ACL fields using a mutable ACL.

    Here is a sample:

    import org.springframework.security.acls.domain.*;
    import org.springframework.security.acls.model.*;

    // mutableAclService is an injected MutableAclService
    // Prepare the information we'd like in our access control entry (ACE)
    ObjectIdentity oi1 = new ObjectIdentityImpl(Foo.class, Long.valueOf(44));
    ObjectIdentity oi2 = new ObjectIdentityImpl(Bar.class, Long.valueOf(44));
    Sid user = new PrincipalSid("bob");
    Sid adminRole = new GrantedAuthoritySid("ROLE_ADMIN");
    Permission p1 = BasePermission.READ;
    Permission p2 = BasePermission.ADMINISTRATION;

    // Create or update the relevant ACL
    MutableAcl acl1 = null;
    MutableAcl acl2 = null;
    try {
      // readAclById returns Acl, so cast to the mutable view
      acl1 = (MutableAcl) mutableAclService.readAclById(oi1);
    } catch (NotFoundException nfe) {
      acl1 = mutableAclService.createAcl(oi1);
    }
    try {
      acl2 = (MutableAcl) mutableAclService.readAclById(oi2);
    } catch (NotFoundException nfe) {
      acl2 = mutableAclService.createAcl(oi2);
    }

    // Now grant some permissions via an access control entry (ACE)
    acl1.insertAce(0, p1, user, true);
    acl2.insertAce(0, p2, adminRole, true);

    // Persist the modified ACLs; without this the new ACEs are not saved
    mutableAclService.updateAcl(acl1);
    mutableAclService.updateAcl(acl2);
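
Added example, not part of the thread or the quoted answer: the same grants written as rows, with one object carrying an entry for a user SID and an entry for a role SID, followed by a query that lists who holds what on that object. It assumes Spring Security's standard ACL tables (acl_class, acl_object_identity, acl_entry) with auto-generated ids and the two acl_sid rows inserted above; `com.example.Foo` and object id 44 are constructed sample values.

```sql
-- Register the domain class (constructed name).
insert into acl_class (class) values ('com.example.Foo');

-- One ACL for Foo #44, owned by the user 'bob', with no parent ACL.
insert into acl_object_identity
  (object_id_class, object_id_identity, parent_object, owner_sid, entries_inheriting)
values (
  (select id from acl_class where class = 'com.example.Foo'),
  '44', null,
  (select id from acl_sid where sid = 'bob' and principal = true),
  false);

-- ACE 0: user 'bob' gets READ (mask 1).
insert into acl_entry
  (acl_object_identity, ace_order, sid, mask, granting, audit_success, audit_failure)
values (
  (select oi.id from acl_object_identity oi
     join acl_class c on c.id = oi.object_id_class
    where c.class = 'com.example.Foo' and oi.object_id_identity = '44'),
  0, (select id from acl_sid where sid = 'bob' and principal = true),
  1, true, false, false);

-- ACE 1: role 'ROLE_ADMIN' gets ADMINISTRATION (mask 16) on the same object.
insert into acl_entry
  (acl_object_identity, ace_order, sid, mask, granting, audit_success, audit_failure)
values (
  (select oi.id from acl_object_identity oi
     join acl_class c on c.id = oi.object_id_class
    where c.class = 'com.example.Foo' and oi.object_id_identity = '44'),
  1, (select id from acl_sid where sid = 'ROLE_ADMIN' and principal = false),
  16, true, false, false);

-- Review query: every entry on Foo #44, showing whether the SID is a user or a role.
select c.class, oi.object_id_identity, e.ace_order,
       case when s.principal then 'user' else 'role' end as sid_type,
       s.sid,
       case e.mask when 1 then 'READ' when 2 then 'WRITE' when 4 then 'CREATE'
                   when 8 then 'DELETE' when 16 then 'ADMINISTRATION'
                   else 'custom' end as permission,
       e.granting
from acl_entry e
join acl_sid s on s.id = e.sid
join acl_object_identity oi on oi.id = e.acl_object_identity
join acl_class c on c.id = oi.object_id_class
where c.class = 'com.example.Foo' and oi.object_id_identity = '44'
order by e.ace_order;
```

Every lookup on acl_sid filters on both `sid` and `principal`, because the flag is what distinguishes a user SID from a role SID that has the same string. The mask values are those of `BasePermission`; masks defined by a custom permission class show up as `custom`.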