如何使用mutableAclService删除spring security acl中的用户访问权限。 这段代码还可以吗
private void deleteEntry(Long id){
ObjectIdentity objectIdentity = new ObjectIdentityImpl(OrganizationStructure.class, id);
Sid user = new PrincipalSid("admin");
Permission p1 = BasePermission.READ;
try {
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
acl.getEntries().forEach(c->{
System.out.println(c.toString());
if(c.getSid().equals(user))
acl.getEntries().remove(c);
});
mutableAclService.updateAcl(acl);
} catch (NotFoundException nfe) {
}
}
答案 0 :(得分:1)
尝试后我发现如何删除条目
private void deleteEntry(Long id) {
ObjectIdentity objectIdentity = new ObjectIdentityImpl(OrganizationStructure.class, id);
Sid user = new PrincipalSid(SecurityUtility.getAuthenticatedUser().getUsername());
try {
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
Consumer<AccessControlEntry> style = (AccessControlEntry p) -> System.out.println("id:"+p.getSid());
acl.getEntries().forEach(style);
for (int i = 0; i < acl.getEntries().size(); i++) {
if (acl.getEntries().get(i).getSid().toString().equals(user.toString())) {
acl.deleteAce(i);
break;
}
}
acl.getEntries().forEach(style);
mutableAclService.updateAcl(acl);
} catch (NotFoundException nfe) {
}
}
答案 1 :(得分:1)
如果列表中有多个用于同一SID的访问控制项,则以上代码将失败。另外,如果其中没有任何条目,则可能要完全删除ACL。这是一个改进的版本:
ObjectIdentity oi = new ObjectIdentityImpl(objectClass, objectId);
try {
MutableAcl acl = (MutableAcl) aclService.readAclById(oi);
List<AccessControlEntry> aclEntries = acl.getEntries();
for (int i = aclEntries.size() - 1; i >= 0; i--) {
AccessControlEntry ace = aclEntries.get(i);
if (ace.getSid().equals(sid)) {
acl.deleteAce(i);
}
}
if (acl.getEntries().isEmpty()) {
aclService.deleteAcl(oi, true);
}
aclService.updateAcl(acl);
} catch (NotFoundException ignore) {
}