How can I paginate with Spring Security, Hibernate and row level ACL

Question

I'm reading about Spring Security and wonder whether it's possible to use Spring ACL together with hibernate and pagination. The resulting SQL is surely scary but possible to be auto-generated. It's even possible to use hierarchical ACL if the database supports recursive query evaluation.

Using a post filter is no solution since it breaks pagination and is an unnecessary overhead compared to ACL filtering inside the database.

So I actually have the pieces to build a solution. I want to know whether somebody has already done it.

Links:

Similar question from 2012 without response
link list about this question

score 1 · Answer 1 · answered Nov 25 '15 at 23:44

Yes there are solutions to your challenge. The field is called dynamic data masking and dynamic data filtering.

The idea is that you will have a proxy sit between your application and database. The proxy will apply the filtering such that only relevant authorized data is returned to the app hence keeping pagination intact.

Have a look at:

GreenSQL
Axiomatics Data Access Filter MD (demo)

score 1 · Answer 2 · edited May 23 '17 at 10:27

1

The way I dealing with this is first by getting a list of IDs my user has access to with the solution I gave here.

I then uses this list of IDs to do a query IN with that list.

edited May 23 '17 at 10:27

Community

1
1

answered Oct 28 '16 at 02:07

denov

11,180
2
27
43

What is the list of IDs grows significantly? Did you encounter any such situation? – Ayman Oct 26 '18 at 20:15

How can I paginate with Spring Security, Hibernate and row level ACL

2 Answers2

Linked