Introduce Spring Security ACL (Access Control Lists) #36
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The added SQL script works for H2 and Postgres. It will be executed on startup as configured in the context-init.xml. This way it is ensured that the ACL database exists on after starting up the system.
The SHOGun2 authentication provider will now request a user from the database. The accountName of the user will be used as the principal in the authentication object.
For the demonstration of the ACL usage, some access control entries were made.
The AOP libraries will be used to intercept the saveOrUpdate and delete method of the AbstractCrudService in a next step.
By using this aspect class, the saveOrUpdate and delete methods of the AbstractCrudService will be intercepted (if the webapp is configured properly).
Enabled AOP/AspectJ in archetype and use the SHOGun2 AclManagement aspect, which was commited in the previous step.
This SidRetrievalStrategy behaves like the default (SidRetrievalStrategyImpl), but checks if the principal of the current authentication object is a SHOGun2 user object. In such cases, the accountName of the SHOGun2 user will be used to build a PrincipalSid.
The Shogun2AuthenticationProvider will now pass the SHOGun2-User object as the principal of the authentication. The authentication provider has also been enhanced by checking if the SHOGun2 user object actually has grantedAuthorities. (The last point is a preparation as we do not yet retrieve the authorities from our SHOGun2 database).
|
I added some more commits:
|
|
As the test failed, i made it work again... |
The customized ACL service takes care if the principal object of the current authentication is a SHOGun2 User object.
|
I made some more enhancements:
|
|
Hey @buehner, great work! I am sure this is the right direction for SHOGun2 wrt security. Please merge. Additionally it'd be great if you could turn the remaining TODOs into Github issues. If possible a tutorial on how to use the security mechanism would be great. Thanks! |
buehner
added a commit
that referenced
this pull request
Jul 1, 2014
Introduce Spring Security ACL (Access Control Lists)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As described in #35, this PR introduces Spring Security ACLs.
The implementations are mainly based on this tutorial (under impact of this tutorial)
Here is a short list of features, that would be introduced by this PR:
Most parts of this PR are a proof of concept, which means that still some coding has to be done (especially to save/update/delete the ACL entries). But as it is working: Try the webapp archetype and feel free to merge.