Group and acl on Spring Security

后端未结

关注

 3  1037

长情又很酷 2021-01-31 06:53

I want to use Spring Security to manage user, group and permissions.

I want to use ACL to secure my domain objects but I can\'t find a way to assign a group to an acl.

3条回答

余生分开走 (楼主)

2021-01-31 07:04

Check Spring Security 3.0, you might be able to avoid using ACL at all by using the Spring Expression Language.

For instance, for editing a forum, you would have a method secured like this:

@PreAuthorize("hasRole('ROLE_FORUM_MANAGER') and hasPermission(#forum,'update'))
public void updateForum(Forum forum) {
    //some implementation
}

You would then implement the hasPermission method in a custom permission evaluator, like:

public class ForumPermissionEvaluator implements PermissionEvaluator {

    public boolean hasPermission(Authentication authentication,
            Object domainObject, Object permission) {
        //implement
    }

    public boolean hasPermission(Authentication authentication, 
            Serializable targetId, String targetType, Object permission) {
        //implement
    }
}

Finally, wire it up together in the application config:

0 讨论(0)

查看其它3个回答