Understanding createAcl in Spring Security ACL?

Time: 2018-07-12 06:46:29

Tags: grails spring-security spring-security-acl

I am following this tutorial to understand how Spring ACL works.

https://grails-plugins.github.io/grails-spring-security-acl/v3/index.html#tutorial

The sample data service is as follows.

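import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.core.context.SecurityContextHolder as SCH

import static org.springframework.security.acls.domain.BasePermission.ADMINISTRATION
import static org.springframework.security.acls.domain.BasePermission.READ
import static org.springframework.security.acls.domain.BasePermission.WRITE

@Transactional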
class SampleDataService {

   def aclService
   def aclUtilService
   def objectIdentityRetrievalStrategy

   void createSampleData() {
      createUsers()
      loginAsAdmin()
      grantPermissions()

      // logout
      SCH.clearContext()
   }

   private void loginAsAdmin() {
      // have to be authenticated as an admin to create ACLs
      SCH.context.authentication = new UsernamePasswordAuthenticationToken(
         'admin', 'admin123',
         AuthorityUtils.createAuthorityList('ROLE_ADMIN'))
   }

   private void createUsers() {
      def roleAdmin = new Role(authority: 'ROLE_ADMIN').save()
      def roleUser = new Role(authority: 'ROLE_USER').save()

      3.times {
         long id = it + 1
         def user = new User("user$id", "password$id").save()
         UserRole.create user, roleUser
      }

      def admin = new User('admin', 'admin123').save()

      UserRole.create admin, roleUser
      UserRole.create admin, roleAdmin
   }

   private void grantPermissions() {
      def reports = []
      100.times {
         long id = it + 1
         def report = new Report(name: "report$id").save()
         reports << report
         aclService.createAcl(
                 objectIdentityRetrievalStrategy.getObjectIdentity(report))
      }

      // grant user 1 admin on 11,12 and read on 1-67
      aclUtilService.addPermission reports[10], 'user1', ADMINISTRATION
      aclUtilService.addPermission reports[11], 'user1', ADMINISTRATION
      67.times {
         aclUtilService.addPermission reports[it], 'user1', READ
      }

      // grant user 2 read on 1-5, write on 5
      5.times {
         aclUtilService.addPermission reports[it], 'user2', READ
      }
      aclUtilService.addPermission reports[4], 'user2', WRITE

      // user 3 has no grants

      // grant admin admin on all
      for (report in reports) {
         aclUtilService.addPermission report, 'admin', ADMINISTRATION
      }

      // grant user 1 ownership on 1,2 to allow the user to grant
      aclUtilService.changeOwner reports[0], 'user1'
      aclUtilService.changeOwner reports[1], 'user1'
   }
}

My concern is this line:

aclService.createAcl(objectIdentityRetrievalStrategy.getObjectIdentity(report))

What is createAcl used for? I commented out this line and the app seems to run fine. So is this line unnecessary?

I appreciate the help! Thanks!

1 Answer:

Answer 0: (score: 0)

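The ACL is also created when a permission is added. As you can see, it creates the ACL on adding a permission, but it is better to create the ACL after the object is inserted into the db (afterInsert event), so that permissions are created faster. The code in the addPermission method: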

MutableAcl acl
try {
    acl = aclService.readAclById(oid)
}
catch (NotFoundException e) {
    acl = aclService.createAcl(oid)
}
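
The read-or-create fallback quoted in the answer, as a self-contained Groovy script added here for illustration (it is not the plugin's code or the answerer's). `InMemoryAclService`, the `currentUser` parameter, the string object identities and the deny-on-missing-ACL check are assumptions of this model; it shows that seeding with and without the explicit `createAcl` call gives the same access decisions, and that the only difference is which objects end up with an ACL record.

```groovy
// In-memory stand-in for the plugin's ACL service (constructed for illustration).
class NotFoundException extends RuntimeException {}

class InMemoryAclService {
    Map<String, Map> acls = [:]   // object identity -> [owner: ..., aces: [...]]
    Map readAclById(String oid) {
        if (!acls.containsKey(oid)) throw new NotFoundException()
        return acls[oid]
    }
    // Assumption of this model: the caller creating the ACL is recorded as its owner
    Map createAcl(String oid, String currentUser) {
        acls[oid] = [owner: currentUser, aces: []]
        return acls[oid]
    }
    // Same read-or-create fallback as the addPermission code quoted in the answer
    void addPermission(String oid, String recipient, String permission, String currentUser) {
        Map acl
        try {
            acl = readAclById(oid)
        } catch (NotFoundException e) {
            acl = createAcl(oid, currentUser)
        }
        acl.aces << [sid: recipient, permission: permission]
    }
    // Modelled as deny both when no ACL exists and when no entry matches
    boolean isGranted(String oid, String sid, String permission) {
        try {
            return readAclById(oid).aces.any { it.sid == sid && it.permission == permission }
        } catch (NotFoundException e) {
            return false
        }
    }
}

// Seed three constructed reports, with or without the explicit createAcl call
def seed = { boolean explicitCreate ->
    def svc = new InMemoryAclService()
    if (explicitCreate) { 3.times { svc.createAcl("Report:${it + 1}", 'admin') } }
    svc.addPermission('Report:1', 'user1', 'READ', 'admin')
    return svc
}

def eager = seed(true)
def lazy = seed(false)
assert eager.isGranted('Report:1', 'user1', 'READ') && lazy.isGranted('Report:1', 'user1', 'READ')
assert !eager.isGranted('Report:3', 'user1', 'READ') && !lazy.isGranted('Report:3', 'user1', 'READ')
assert eager.acls.size() == 3   // every report has an ACL, two of them with no entries
assert lazy.acls.size() == 1    // only the report that received a grant has one
```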