Questions tagged [spring-security-acl]

83 questions
24 votes, 2 answers

Valid use case for @PostAuthorize And @PostFilter annotations

We have just migrated to Spring Security 3.0.8 from 2.0.8 (Can't upgrade to the latest version which is 3.2.X as our core spring libraries are still on 3.0.X, which we plan to upgrade later when business permits). I understand that we now have…
avijendr
23 votes, 1 answer

When should I implement Spring Security ACL in my application?

Spring Security ACL looks very powerful, and easy to implement when you can stick to their database implementation. However it appears to become much more complicated when you have to implement your own Acl and AclService (see for example this (old)…
Didier L
18 votes, 1 answer

Using Spring Security ACL with Spring Data REST

I am trying to authorize apis exposed by Spring Data REST. So far I am able to do role-based authorization i.e: @RepositoryRestResource(path = "book") public interface BookRepository extends JpaRepository { …
charybr
11 votes, 1 answer

Spring security Access Control List Billions of rows

Implementing security solution based on spring security framework particularly its acl modules. There are millions of domain objects and some hundreds of users in the application. Using Spring Security Acl module the entry in acl_sid and other…
9 votes, 2 answers

How to interpret hasPermission in spring security?

I am new to spring security. How do I interpret this? @PreAuthorize("hasPermission(null, 'opetussuunnitelma', 'LUONTI')") OpetussuunnitelmaDto addOpetussuunnitelma(OpetussuunnitelmaDto opetussuunnitelmaDto); Which method from the permission…
Zack
8 votes, 1 answer

Spring Security ACL with EhCache 3

I tried to update to EhCache 3, but noticed that my AclConfig for spring-security-acl no longer works. The reason is EhCacheBasedAclCache still uses import net.sf.ehcache.Ehcache. EhCache moved to org.ehcache since version 3 and thus this no longer…
puelo
8 votes, 3 answers

Is Spring ACL a good ACL implementation?

I have read about Spring ACL but it does not seem to be very competent. For example: no way to list all objects of type X with permission Y; no way to automatically create the schemas for new deployments. What are you using for ACL? Is it clever to…
Piotr
8 votes, 2 answers

How to get a List of Objects that a user can access using ACLs related tables

I'm designing a system that has a lot of requirements around user management/permissions, so I decided to use Spring Security ACL to manage the permissions at the Domain Objects level. Although, using ACLs to maintain the relations between Users…
pVilaca
6 votes, 1 answer

spring security acl doesn't compare bitwise permissions

We've encountered an unexpected lack of bitwise permission checking in spring security. We'd like to confirm if this is the expected behaviour and if so, what the history is and/or rationale for this. We're using the grails plugin…
5 votes, 1 answer

How to use Spring Security ACL when my domain identifiers are of String type?

I faced a strange and unexpected situation with Spring Security ACL when I tried to create an ACL using MutableAclService.createAcl(ObjectIdentity objectIdentity). The matter is that ObjectIdentity uses Serializable type for identifiers. At the same…
Dmitry Dyokin
5 votes, 2 answers

How can I paginate with Spring Security, Hibernate and row level ACL

I'm reading about Spring Security and wonder whether it's possible to use Spring ACL together with hibernate and pagination. The resulting SQL is surely scary but possible to be auto-generated. It's even possible to use hierarchical ACL if the…
4 votes, 1 answer

What is the best way to unit test methods annotated with Spring Security ACL annotations?

Let's say I have a method like the following: @PreAuthorize("hasPermission(#obj, 'READ')") public void requiresReadPermission(Object obj) {} Is there an easy way to mock/grant/deny the "READ" permission for the authentication?
JWK
3 votes, 0 answers

Creating new ACL entries in spring-security-acl

I am implementing ACL based authentication using spring-security-acl on my Spring Boot based app. I have configured my app and created the 4 tables required for ACL and the authorisation works pretty well during READ or WRITE type of operations. But…
Sayak Mukhopadhyay
3 votes, 3 answers

How to use Spring Security @Pre and @Post annotations with collections

We are using Spring Security's ACL Annotations to allow access to certain web services. @PreAuthorize and @PostAuthorize seem to be extremely useful and favour most of the use cases we are having. The SPEL based rules on individual methods et al…
aksappy
3 votes, 2 answers

How to implement Custom spring security acl?

I'm developing an Application using Spring. In Access Control Access section I want to use Spring Security Acl (I'm new at Acl). I want to implement ACL in my application based on 2 points: Application should have five permissions, read, create,…
Morteza Malvandi