1
我试图使用Spring Security的readAclsById方法JdbcMutableAclService
来检索由SID过滤的ACL。但是,将返回不适用于传入的SID的ACL。Spring Security - ACL readAclsById不按SID过滤
我使用的用户名创建ACL条目:
public void add(Object domainObject, String username, List<Permission> permissions) {
MutableAcl acl;
ObjectIdentity oid = objectIdentityRetrievalStrategy
.getObjectIdentity(domainObject);
Sid receipient = new PrincipalSid(username);
try {
acl = (MutableAcl) aclService.readAclById(oid);
} catch (NotFoundException nfe) {
acl = aclService.createAcl(oid);
}
for(Permission permission:permissions) {
acl.insertAce(acl.getEntries().size(), permission, receipient, true);
}
aclService.updateAcl(acl);
}
而且我通过Authentication
对象检索ACL:
List<Sid> sids = sidRetrievalStrategy.getSids(authentication);
List<ObjectIdentity> identities = new ArrayList<>(domainObjects.size());
for (Object domainObject : domainObjects) {
identities.add(objectIdentityRetrievalStrategy.getObjectIdentity(domainObject));
}
Map<ObjectIdentity, Acl> acls = aclService.readAclsById(identities, sids);
//see what permissions the user has for these objects
for (Map.Entry<ObjectIdentity, Acl> entry : acls.entrySet()) {
Acl acl = entry.getValue();
//entries that are not applicable to the SIDs are returned
List<AccessControlEntry> entries = acl.getEntries();
}
如果我登录到另一个用户名,然后尝试检索ACL通过readAclsById,我也得到AccessControlEntry
属于其他用户名的值。我正确使用AclService
吗?