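Can we have both a principal and a GrantedAuthority in acl_sid, and grant permissions on objects, in Spring ACL security?
Answer 0 (score: 2)
Yes, we can do that. The ACL_SID table can hold SIDs for either roles or users.
Here is an example insert for a role: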
insert into acl_sid (principal, sid) values (false, 'ROLE_ADMIN');
For a user principal, the insert would be:
insert into acl_sid (principal, sid) values (true, 'bob');
You can also manipulate the ACL fields at runtime using a mutable ACL.
Here is an example:
// Requires: import org.springframework.security.acls.domain.*;
//           import org.springframework.security.acls.model.*;
// mutableAclService is an injected MutableAclService bean.

// Prepare the information we'd like in our access control entry (ACE)
ObjectIdentity oi1 = new ObjectIdentityImpl(Foo.class, Long.valueOf(44));
ObjectIdentity oi2 = new ObjectIdentityImpl(Bar.class, Long.valueOf(44));
Sid user = new PrincipalSid("bob");
Sid adminRole = new GrantedAuthoritySid("ROLE_ADMIN");
Permission p1 = BasePermission.READ;
Permission p2 = BasePermission.ADMINISTRATION;

// Create or update the relevant ACL
// (readAclById returns Acl, so it must be cast to MutableAcl)
MutableAcl acl1 = null;
MutableAcl acl2 = null;
try {
    acl1 = (MutableAcl) mutableAclService.readAclById(oi1);
} catch (NotFoundException nfe) {
    acl1 = mutableAclService.createAcl(oi1);
}
try {
    acl2 = (MutableAcl) mutableAclService.readAclById(oi2);
} catch (NotFoundException nfe) {
    acl2 = mutableAclService.createAcl(oi2);
}

// Now grant some permissions via an access control entry (ACE)
acl1.setOwner(user);
acl1.insertAce(0, p1, user, true);
mutableAclService.updateAcl(acl1);

acl2.setOwner(adminRole);
acl2.insertAce(0, p2, adminRole, true);
mutableAclService.updateAcl(acl2);
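
An added example, not part of the original answer: a single in-memory ACL holding one ACE for a PrincipalSid and one for a GrantedAuthoritySid, evaluated against the SID list a user would present, which shows that the default strategy matches permission masks by equality (ADMINISTRATION does not imply READ). The class name MixedSidAclDemo, the type string "com.example.Foo", the user "alice" and the no-op authorization strategy are assumptions for the demo; a real application would use AclAuthorizationStrategyImpl and a JDBC-backed MutableAclService.

```java
import java.util.List;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclImpl;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;

public class MixedSidAclDemo {

    // isGranted throws NotFoundException when no ACE matches; treat that as a denial.
    static boolean granted(Acl acl, Permission permission, List<Sid> sids) {
        try {
            return acl.isGranted(List.of(permission), sids, false);
        } catch (NotFoundException noMatchingAce) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Demo-only assumption: skip the "may the caller modify this ACL" check.
        AclAuthorizationStrategy allowAll = (target, changeType) -> { };
        MutableAcl acl = new AclImpl(new ObjectIdentityImpl("com.example.Foo", 44L),
                1L, allowAll, new ConsoleAuditLogger());

        Sid bob = new PrincipalSid("bob");                     // acl_sid.principal = true
        Sid admin = new GrantedAuthoritySid("ROLE_ADMIN");     // acl_sid.principal = false
        acl.insertAce(0, BasePermission.READ, bob, true);
        acl.insertAce(1, BasePermission.ADMINISTRATION, admin, true);

        // SID lists as they would be derived from an Authentication:
        // the principal first, then one SID per granted authority.
        List<Sid> bobSids = List.of(bob);
        List<Sid> aliceSids = List.of(new PrincipalSid("alice"), admin);

        System.out.println("bob READ: " + granted(acl, BasePermission.READ, bobSids));
        System.out.println("bob ADMINISTRATION: "
                + granted(acl, BasePermission.ADMINISTRATION, bobSids));
        System.out.println("alice ADMINISTRATION: "
                + granted(acl, BasePermission.ADMINISTRATION, aliceSids));
        // Masks are compared for equality, so the role ACE alone does not cover READ.
        System.out.println("alice READ: " + granted(acl, BasePermission.READ, aliceSids));
    }
}
```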