2016-03-01 81 views
1

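Spring Security - ACL readAclsById does not filter by SID

I am trying to use the readAclsById method of Spring Security's JdbcMutableAclService to retrieve ACLs filtered by SID. However, ACLs that do not apply to the SIDs passed in are returned.

I create the ACL entries using the username: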

public void add(Object domainObject, String username, List<Permission> permissions) {
    MutableAcl acl;

    ObjectIdentity oid = objectIdentityRetrievalStrategy
            .getObjectIdentity(domainObject);
    Sid receipient = new PrincipalSid(username);
    try {
        acl = (MutableAcl) aclService.readAclById(oid);
    } catch (NotFoundException nfe) {
        acl = aclService.createAcl(oid);
    }
    for (Permission permission : permissions) {
        acl.insertAce(acl.getEntries().size(), permission, receipient, true);
    }
    aclService.updateAcl(acl);
}

And I retrieve the ACLs via the Authentication object:

List<Sid> sids = sidRetrievalStrategy.getSids(authentication);

List<ObjectIdentity> identities = new ArrayList<>(domainObjects.size());
for (Object domainObject : domainObjects) {
    identities.add(objectIdentityRetrievalStrategy.getObjectIdentity(domainObject));
}

Map<ObjectIdentity, Acl> acls = aclService.readAclsById(identities, sids);

// see what permissions the user has for these objects
for (Map.Entry<ObjectIdentity, Acl> entry : acls.entrySet()) {
    Acl acl = entry.getValue();
    // entries that are not applicable to the SIDs are returned
    List<AccessControlEntry> entries = acl.getEntries();
}

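If I log in as a different username and then try to retrieve the ACLs via readAclsById, I also get AccessControlEntry values that belong to other usernames. Am I using AclService correctly?

Answer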

2

I found some answers by digging around the source code: the default implementation uses BasicLookupStrategy, which ignores SIDs by default.
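Since the lookup returns every entry regardless of the SIDs passed in, the caller has to scope the result itself before displaying entries or making a decision. The following is an added example, not code from the original post or from Spring Security: the class `SidScopedAcl` and its two methods are hypothetical names, and it assumes the `spring-security-acl` module is on the classpath.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;

/** Hypothetical helper (not part of Spring Security): narrows an Acl to the caller's SIDs. */
public final class SidScopedAcl {

    private SidScopedAcl() {
    }

    /** Returns only the ACEs whose SID is one of the caller's SIDs, preserving ACL order. */
    public static List<AccessControlEntry> entriesFor(Acl acl, List<Sid> sids) {
        List<AccessControlEntry> own = new ArrayList<>();
        for (AccessControlEntry ace : acl.getEntries()) {
            // PrincipalSid and GrantedAuthoritySid implement equals(), so contains() matches by value.
            if (sids.contains(ace.getSid())) {
                own.add(ace);
            }
        }
        return own;
    }

    /**
     * Authorization decision for a single permission. Delegates to Acl.isGranted, which in the
     * default AclImpl only considers ACEs whose SID equals one of the SIDs passed in and also
     * consults the parent ACL when entries are inheriting.
     */
    public static boolean isGranted(Acl acl, Permission permission, List<Sid> sids) {
        try {
            // administrativeMode = false: this is a normal access check
            return acl.isGranted(Collections.singletonList(permission), sids, false);
        } catch (NotFoundException noApplicableAce) {
            // No ACE applies to these SIDs for this permission: fail closed.
            return false;
        }
    }
}
```

Use `isGranted` for access decisions and `entriesFor` only for listing a user's own entries; the raw `acl.getEntries()` list should not be exposed to the requesting user, since it contains other principals' entries.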
