Group and acl on Spring Security

Question

I want to use Spring Security to manage user, group and permissions.

I want to use ACL to secure my domain objects but I can\'t find a way to assign a group to an acl.

Answer 1

I did something similar 'manually': i.e. I had my own code to determine which instances could be edited/deleted by a specific user and only relied on Spring security to ensure they had the right role to access the functionality and to provide role/authentication information for the current user.

So in my code I determined the current principal (our own User class) and based on that I decided what rights this user had on a specific instance.

public static User getCurrentUser() {
    User user = null;
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null) {
        Object principal = auth.getPrincipal();
        if (principal instanceof User) {
            user = (User)principal;
        }
    }
    return user;
}