
  • Problem with ACL Service and Apache Derby

    I'm having problems getting example 13-7 from the book Spring Recipes (the previous edition which covers Spring 2.5) to update the ACL tables defined in my Apache Derby database.

    From the book, the ACL tables were created using the following SQL:

    Code:
    CREATE TABLE ACL_SID (
    	ID			BIGINT			NOT NULL GENERATED BY DEFAULT AS IDENTITY,
    	SID			VARCHAR(100)	NOT NULL,
    	PRINCIPAL	SMALLINT		NOT NULL,
    	PRIMARY KEY (ID),
    	UNIQUE (SID, PRINCIPAL)
    );
    
    CREATE TABLE ACL_CLASS (
    	ID			BIGINT			NOT NULL GENERATED BY DEFAULT AS IDENTITY,
    	CLASS		VARCHAR(100)	NOT NULL,
    	PRIMARY KEY (ID),
    	UNIQUE (CLASS)
    );
    
    CREATE TABLE ACL_OBJECT_IDENTITY (
    	ID					BIGINT		NOT NULL GENERATED BY DEFAULT AS IDENTITY,
    	OBJECT_ID_CLASS		BIGINT		NOT NULL,
    	OBJECT_ID_IDENTITY	BIGINT		NOT NULL,
    	PARENT_OBJECT		BIGINT,
    	OWNER_SID			BIGINT,
    	ENTRIES_INHERITING	SMALLINT	NOT NULL,
    	PRIMARY KEY (ID),
    	UNIQUE (OBJECT_ID_CLASS, OBJECT_ID_IDENTITY),
    	FOREIGN KEY (PARENT_OBJECT)		REFERENCES ACL_OBJECT_IDENTITY,
    	FOREIGN KEY (OBJECT_ID_CLASS)	REFERENCES ACL_CLASS,
    	FOREIGN KEY (OWNER_SID)			REFERENCES ACL_SID
    );
    
    CREATE TABLE ACL_ENTRY (
    	ID					BIGINT		NOT NULL GENERATED BY DEFAULT AS IDENTITY,
    	ACL_OBJECT_IDENTITY	BIGINT		NOT NULL,
    	ACE_ORDER			INT			NOT NULL,
    	SID					BIGINT		NOT NULL,
    	MASK				INTEGER		NOT NULL,
    	GRANTING			SMALLINT	NOT NULL,
    	AUDIT_SUCCESS		SMALLINT	NOT NULL,
    	AUDIT_FAILURE		SMALLINT	NOT NULL,
    	PRIMARY KEY (ID),
    	UNIQUE (ACL_OBJECT_IDENTITY, ACE_ORDER),
    	FOREIGN KEY (ACL_OBJECT_IDENTITY)	REFERENCES ACL_OBJECT_IDENTITY,
    	FOREIGN KEY (SID)					REFERENCES ACL_SID
    );

    Upon attempting to post a message to the example message board web application, the following code gets executed:

    Code:
    	@Override
    	@Secured( { "ROLE_USER" })
    	@Transactional
    	public synchronized void postMessage(Message message) {
    		message.setId(System.currentTimeMillis());
    		messages.put(message.getId(), message);
    
    		ObjectIdentity oid = new ObjectIdentityImpl(Message.class, message
    				.getId());
    		MutableAcl acl = mutableAclService.createAcl(oid);
    		acl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(
    				message.getAuthor()), true);
    		acl.insertAce(1, BasePermission.DELETE, new GrantedAuthoritySid(
    				"ROLE_ADMIN"), true);
    		acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid(
    				"ROLE_USER"), true);
    		mutableAclService.updateAcl(acl);
    	}

    The ACL service, defined in its own bean file (board-acl.xml), is defined as follows:

    Code:
    <bean id="aclService"	
    	class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
    	<constructor-arg ref="dataSource" />
    	<constructor-arg ref="lookupStrategy" />		
    	<constructor-arg ref="aclCache" />
    	<property name="sidIdentityQuery" value="values identity_val_local()" />
    	<property name="classIdentityQuery" value="values identity_val_local()" />
    </bean>

    When attempting to post a message, the following error is reported:

    Code:
    org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.dao.DataIntegrityViolationException: PreparedStatementCallback; SQL [update acl_object_identity set parent_object = ?, owner_sid = ?, entries_inheriting = ? where id = ?]; An attempt was made to get a data value of type '<UNKNOWN>' from a data value of type 'BIGINT'.; nested exception is java.sql.SQLDataException: An attempt was made to get a data value of type '<UNKNOWN>' from a data value of type 'BIGINT'.

    I suspect the problem is with how the identity queries are being defined for the ACL service bean. The book was written to use an older version of Spring Security, as it defined an 'identityQuery' for the JdbcMutableAclService. I'm using Spring Security 2.0.6, which does not define such a property, rather it has the properties 'classIdentityQuery' and 'sidIdentityQuery'.

    Can someone familiar with configuring ACL services with Apache Derby shed some light on the cause of my problem?

    Thanks,
    Jeff