Nedo

Reputation: 637

Spring Security Acl Level Class Permission

Does Spring Security ACL support class-level permissions? For example, let's suppose I have an Asset class, and I want to allow read permissions to all instances of the Asset class to any user with role ROLE_USER. As far as I can see, ObjectIdentityImpl only accepts object instances.

Thanks

Upvotes: 2

Views: 1381

Answers (2)

pgiecek

Reputation: 8240

The org.springframework.security.acls.model.ObjectIdentity is one of the core Spring Security ACL interfaces representing the identity of an individual domain object to secure. It imposes type and identifier properties. If you need class-level permissions, you can use e.g. "Class" as a type and the actual class name as an identifier (e.g. "Asset" or "my.package.Asset").

Depending on the concrete scenario, it may also be necessary to implement the org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy and org.springframework.security.acls.model.ObjectIdentityGenerator interfaces accordingly.

Upvotes: 3
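One way to wire up the approach from the answer above, as an added example that is not code from the answer or from Spring Security itself. The class name ClassLevelIdentityStrategy and the helper grantRead are hypothetical; the strategy would be registered on AclPermissionEvaluator through setObjectIdentityRetrievalStrategy and setObjectIdentityGenerator.

```java
import java.io.Serializable;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.ObjectIdentityGenerator;
import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;

/** Hypothetical strategy: every instance of a class resolves to one shared identity. */
public class ClassLevelIdentityStrategy
        implements ObjectIdentityRetrievalStrategy, ObjectIdentityGenerator {

    static final String CLASS_TYPE = "Class"; // type value suggested in the answer

    @Override
    public ObjectIdentity getObjectIdentity(Object domainObject) {
        // Used for hasPermission(#asset, 'READ'): ignore the instance, key on its class.
        // Assumption: domainObject is not a runtime proxy, otherwise getClass()
        // yields the proxy's class name and no ACL will match.
        return new ObjectIdentityImpl(CLASS_TYPE, domainObject.getClass().getName());
    }

    @Override
    public ObjectIdentity createObjectIdentity(Serializable id, String type) {
        // Used for hasPermission(#id, 'my.package.Asset', 'READ'): the id is unused.
        return new ObjectIdentityImpl(CLASS_TYPE, type);
    }

    /** Grants READ on the class-level identity to an authority such as ROLE_USER. */
    public static void grantRead(MutableAclService aclService,
                                 Class<?> domainClass, String authority) {
        ObjectIdentity oid = new ObjectIdentityImpl(CLASS_TYPE, domainClass.getName());
        MutableAcl acl;
        try {
            acl = (MutableAcl) aclService.readAclById(oid);
        } catch (NotFoundException e) {
            acl = aclService.createAcl(oid); // first grant for this class
        }
        // Append a granting ACE for the role; existing entries keep their order.
        acl.insertAce(acl.getEntries().size(), BasePermission.READ,
                new GrantedAuthoritySid(authority), true);
        aclService.updateAcl(acl);
    }
}
```

With this strategy in place, per-instance ACL entries are no longer consulted for the affected types, so every permission check on an Asset resolves to the single class-level ACL. JdbcMutableAclService.createAcl takes the ACL owner from the current Authentication, so grantRead has to run as an authenticated principal.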

holmis83

Reputation: 16644

The Spring Security ACL is not really handy for this. I would suggest you use a pre-authorize annotation instead:

@PreAuthorize("hasRole('ROLE_USER')")
public List<Asset> getAllAssets();

Make sure you have pre- and post-annotations enabled in your configuration.

Upvotes: 3
