Announcement Announcement Module
Collapse
No announcement yet.
Domai object instance security Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Domai object instance security

    Dear Friends ,

    I am using spring security frame work for our application.

    and i m facing a problem which is related to instance level security.

    i downloaded the example of contact.war which comes with spring-security.zip file.

    i m using mysql database and makes changes to db table as required.

    but during running i getting an exception , which looks like :
    Code:
    PROCEDURE acegi.identity does not exist.
    So , how can i overcome from this exception.

    thanks

  • #2
    Hi vijay
    I used that sample too. but dint face any problem. I did not customize it to use my DB. But that sample uses hypersonic db which is working fine.

    Comment


    • #3
      Dear Abhinav ,

      first thanks to u for givinig reply.

      with hsql db this code works fine.

      but when i customize it with mysql it throughs exception at:
      Code:
      for (int i = 1; i < createEntities; i++) {
                  final ObjectIdentity objectIdentity = new ObjectIdentityImpl(Contact.class, new Long(i));
                  tt.execute(new TransactionCallback() {
                          public Object doInTransaction(TransactionStatus arg0) {
                              MutableAcl acl = mutableAclService.createAcl(objectIdentity);                     
                              return null;
                          }
                      });
              }
      at
      Code:
      mutableAclService.createAcl(objectIdentity)
      methode it throughs exception :
      Code:
      java.sql.SQLException: Syntax error
                              or access violation message from server: "PROCEDURE acegi.identity does not exist"


      I m trying to resolve this by applying some changes in code. let see

      Comment


      • #4
        Hi Abhinav ,

        first thanks to u for givinig reply.

        with hsql db this code works fine.

        but when i customize it with mysql it throughs exception at:
        Code:
        for (int i = 1; i < createEntities; i++) {
                    final ObjectIdentity objectIdentity = new ObjectIdentityImpl(Contact.class, new Long(i));
                    tt.execute(new TransactionCallback() {
                            public Object doInTransaction(TransactionStatus arg0) {
                                MutableAcl acl = mutableAclService.createAcl(objectIdentity);                     
                                return null;
                            }
                        });
                }
        at
        Code:
        mutableAclService.createAcl(objectIdentity)
        methode it throughs exception :
        Code:
        java.sql.SQLException: Syntax error
                                or access violation message from server: "PROCEDURE acegi.identity does not exist"


        I m trying to resolve this by applying some changes in code. let see

        Comment


        • #5
          Hello friends !

          i resolve the problem by changing src of spring-security-acl-2.0.1.jar.

          Comment


          • #6
            Hi vijay
            did u made any changes to the query came along with the sample?

            Comment


            • #7
              hello abhinav !

              ya definitly i changed
              Code:
              private String identityQuery = "SELECT LAST_INSERT_ID()"; //"call identity()";
              in the JdbcMutableAclService Class.

              Comment


              • #8
                domain object security

                Hi vijay,
                i m bit confused in this security example, Conatcts. can u tell me how is domain object security is implemented in this example. in authorization context file i can see that voter is applied with permission on domain object Contact, but while debugging voter doesnt play any role. which user shud be able to access which contact is handled by after invocation handler. from this i get that voter has no role in domain object security. it is just the tables in which we store the relation user-permission-domainObject which is checked afterInvocation. please if u can take out 5 min to explain this, i will be gr8ful to u.
                thanks
                abhinav

                Comment


                • #9
                  Come on guys do not change the source code!

                  Create a sub class like this:

                  public class MysqlJdbcMutableAclService extends JdbcMutableAclService {
                  public MysqlJdbcMutableAclService(DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache) {
                  super(dataSource, lookupStrategy, aclCache);
                  setSidIdentityQuery("SELECT LAST_INSERT_ID()");
                  setClassIdentityQuery("SELECT LAST_INSERT_ID()");
                  }
                  }

                  Comment


                  • #10
                    gud one...

                    Comment


                    • #11
                      Originally posted by abhinav_ind View Post
                      Hi vijay,
                      i m bit confused in this security example, Conatcts. can u tell me how is domain object security is implemented in this example. in authorization context file i can see that voter is applied with permission on domain object Contact, but while debugging voter doesnt play any role. which user shud be able to access which contact is handled by after invocation handler. from this i get that voter has no role in domain object security. it is just the tables in which we store the relation user-permission-domainObject which is checked afterInvocation. please if u can take out 5 min to explain this, i will be gr8ful to u.
                      thanks
                      abhinav
                      Hi Abhinav,

                      Not sure if this is the answer to your question, but it sounds like the same question I had on this, recently -- where/when does the ACL stuff get used?

                      The answer to that question is that there is an interceptor specified in one of the Spring XML files, around the "getAll()" method. That interceptor redirects control to the voter and the whole authorization procedure.

                      Hard to catch, even with a debugger. Hope that helps.

                      Peter

                      Comment


                      • #12
                        Thanks Peter

                        I already understood the process of authorization, but forgot to reply on this post. Yes you are right that its tough to debug, after some patience I was able to crack it. Earlier I thought that it fetches those records that the user is authorised for. But found out that it first fetches all the records and Acl service filters out the unauthorised records using CollectionFilterer

                        Abhinav

                        Comment

                        Working...
                        X