如何更改 Spring Security ACL 中的权限?
我想将授予用户的权限扩展到实体.
I want to extend the permissions given for an user to an entity.
我可以通过 MutableAclService 创建 ACL.
I am able to create ACLs via MutableAclService.
MutableAcl acl = this.mutableAclService.createAcl(new ObjectIdentityImpl(entity));
acl.setOwner(SYSTEM_PRINCIPAL_SID);
acl.insertAce(0, permission, grantToSid, true);
this.mutableAclService.updateAcl(acl);
但我不知道如何更改 ACL.例如,如果用户拥有实体的读取权限,我想为他提供额外的写入权限.或者授予其他用户相同的权限.
But I don't know how to change ACLs. For example if a user has Read Privileges to an entity, I want to provide him additional Write Privileges. Or give an other user the same privileges.
我的第一次尝试是调用 MutableAclService.createAcl 两次,但失败了:
My first try was to invoke MutableAclService.createAcl twice, but that failed:
org.springframework.security.acls.model.AlreadyExistsException: 对象标识 'org.springframework.security.acls.domain.ObjectIdentityImpl[Type: test.Entity;标识符: 3]' 已经存在
org.springframework.security.acls.model.AlreadyExistsException: Object identity 'org.springframework.security.acls.domain.ObjectIdentityImpl[Type: test.Entity; Identifier: 3]' already exists
好吧,接缝是正确的,错误的方式.但那怎么办呢?如何为已经定义了一些权限的实体更改 acl 权限?
Ok that seams to be correct, wrong way. But how to do it then? How to change the acl permissions for an entity where already some permissions are defined?
我看了下代码,发现ACL接口的相关实现只有一个:AclImpl.
I have had a look at the code, and it seams that there is only one relevant implementation of the ACL interface: AclImpl.
该类实现了 MutableAcl 接口并由 AclService 函数返回.
This class implements the MutableAcl interface and is returned by the AclService functions.
所以我决定将结果从 Acl 转换为 MutableAcl.到目前为止,它正在运行,我没有遇到问题或 Class cast 异常:
So I decided to cast the results from Acl to MutableAcl. Up to now it is working and I did not get an problem or Class cast exception:
MutableAcl existingAcl = (MutableAcl) mutableAclService.readAclById(oid, sids);
...
mutableAclService.updateAcl(existingAcl);