Nick Padgett (Migrated from SEC-1184) said:
After looking through the org.springframework.security.acls.jdbc package, it appears the classes and interfaces could be reorganized/renamed to improve extensability.
1) Other lookup mechanisms (AWS SimpleDB) could take advantage of the AclCache interface, the LookupStrategy interface, and the EhCacheBasedAclCache class.
2) BasicLookupStrategy should be renamed to BasicJdbcAclLookupStrategy
3) Other than the findChildren(...) method in JdbcAclService, there is nothing explicitly tied to JDBC. This other methods in this class should be promoted to a non-jdbc abstract class.
Luke Taylor said:
I think there is an argument for reuse of the cache interface and implementation so I've moved these out of the jdbc package.
I'm not convinced about the rest though. There isn't much to JdbcAclService apart from the findChildren method so I don't think the additional complexity of introducing an inheritance tree there is justified and LookupStrategy is really just a method from the AclService interface. I'd prefer to keep these classes as the default Jdbc implementation of the AclService, without them being regarded as a solid API, as they may also change in future. The standard approach would be to implement AclService directly.