如何使用 Spring Security ACL 获取用户有权访问的域对象列表?
[英]How do I get a list of domain objects a user has permissions for with Spring Security ACLs?
问题描述
I'm just starting to use Spring Security ACL.
我刚刚开始使用 Spring Security ACL。 I want to obtain a list of domain objects that a user has (any) permissions for.我想获取用户拥有(任何)权限的域对象列表。
For example, the system has 1000s of 'buildings', a user may have access to any number of these buildings.例如,系统有 1000 座“建筑物”,用户可以访问任意数量的这些建筑物。 When the user logs in I want to present them with a list of the building they have permissions for.当用户登录时,我想向他们展示他们有权访问的建筑物列表。
Something along the lines of myAclService.getObjectsForUser('myemail@gmail.com', Building.class)类似于 myAclService.getObjectsForUser('myemail@gmail.com', Building.class)
I'm starting to think that ACLs don't work in that direction, but it must be a common challenge so there must at least be a pattern for how to achieve this alongside ACL without duplicating data.我开始认为 ACL 在这个方向上不起作用,但这一定是一个共同的挑战,所以至少必须有一个模式来实现这一点,同时 ACL 不会重复数据。
Any thoughts welcome, thanks!欢迎任何想法,谢谢!
2 个解决方案
解决方案1
1 已采纳 2015-08-20 21:26:52
I believe you are right that what's provided in Spring Security re.我相信您是对的,Spring Security 中提供的内容是正确的。 ACL is more from the object perspective than from the subject (principal) perspective. ACL 更多地是从客体的角度而不是从主体(主体)的角度。
You can check the SQL code of all AclService s from Spring Security, specifically JdbcAclService and JdbcMutableAclService .您可以从 Spring Security 中检查所有AclService的 SQL 代码,特别是JdbcAclService和JdbcMutableAclService 。
解决方案2
0 2017-03-15 00:01:53
You want to use the @PostFilter annotations for smaller datasets您想对较小的数据集使用@PostFilter注释
@PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, 'admin')")
public List<Buildings> getAll();
for larger data sets you may want to use the query in my answer to How to get a List of Objects that a user can access using ACLs related tables对于较大的数据集,您可能希望在我对如何获取用户可以使用 ACL 相关表访问的对象列表的回答中使用查询
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.