Custom permission in Grails ACL

The Spring Security ACL plugin for Grails uses the BasePermission class with 4 basic permissions by default. It uses DefaultFactory to assign these permissions, and the AclPermissionEvaluator, where this DefaultFactory is assigned.

When using this approach, everything is in order. I can use

@PreAuthorize("hasPermission(#report, read)") 

Here I provided one of the basic permissions, called READ, which is defined in the BasePermission class.

I need my own custom permissions. I did:

    public class MyPermission extends AbstractPermission {
        public static final Permission APPROVE = new MyPermission(1 << 0, 'a');
        // constructors here..
    }

1) How do I properly register my custom permission so that I can use it the same way I used the permissions from BasePermission?
2) Should I define my own CustomFactory, or can I use DefaultFactory?
3) If yes, how do I set it on the existing permission evaluator?

Another open question. I played with a subclass of BasePermission, but in this case I have to use

  @PreAuthorize("hasPermission(#report, 'approve')") 

instead of

  @PreAuthorize("hasPermission(#report, approve)") 

4) Why did I get an error in the absence of single quotes?

  Class:org.springframework.expression.spel.SpelEvaluationException Message:EL1008E:(pos 28): Field or property 'approve' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot' 

Thanks in advance!

+4
1 answer

You'd be better off extending org.springframework.security.acls.domain.BasePermission, since then you have all the standard permissions plus yours:

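    package com.mycompany.myapp;

    import org.springframework.security.acls.domain.BasePermission;
    import org.springframework.security.acls.model.Permission;

    public class MyPermission extends BasePermission {

        // Bits 0-4 are taken by the standard permissions, so use bit 5.
        public static final Permission APPROVE = new MyPermission(1 << 5, 'V'); // 32

        protected MyPermission(int mask) {
            super(mask);
        }

        protected MyPermission(int mask, char code) {
            super(mask, code);
        }
    }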

You need to register it with the permission factory to make it available in expressions; override the aclPermissionFactory bean in grails-app/conf/spring/resources.groovy, passing your class as a constructor argument:

    import org.springframework.security.acls.domain.DefaultPermissionFactory
    import com.mycompany.myapp.MyPermission

    beans = {
        aclPermissionFactory(DefaultPermissionFactory, MyPermission)
    }

The reason it works without quotes with standard permissions is because MethodSecurityExpressionRoot has constants for standard permissions:

    public final String read = "read";
    public final String write = "write";
    public final String create = "create";
    public final String delete = "delete";
    public final String admin = "administration";

but there isn't one for yours, so you need to quote it to make it look in your class for permissions.

+3
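A startup check for the setup described in the answer, added here as an example and not taken from the answer or the plugin. It verifies that no two permission constants share a mask (the question's `1 << 0` is the same bit as `BasePermission.READ`, and ACL entries are stored by integer mask) and that the factory resolves APPROVE by name and by mask. The class name `PermissionMaskCheck` and the helper `uniqueMasks` are hypothetical, and spring-security-acl is assumed to be on the classpath.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.model.Permission;

// Hypothetical class name; requires spring-security-acl on the classpath.
public class PermissionMaskCheck {

    // The answer's permission: bit 5 is the first bit BasePermission leaves unused.
    public static class MyPermission extends BasePermission {
        public static final Permission APPROVE = new MyPermission(1 << 5, 'V'); // 32
        protected MyPermission(int mask, char code) { super(mask, code); }
    }

    // Hypothetical helper: maps mask -> constant name for every public static
    // Permission field (inherited ones included) and rejects a reused mask.
    static Map<Integer, String> uniqueMasks(Class<? extends Permission> type)
            throws IllegalAccessException {
        Map<Integer, String> byMask = new LinkedHashMap<>();
        for (Field field : type.getFields()) {
            if (!Modifier.isStatic(field.getModifiers())
                    || !Permission.class.isAssignableFrom(field.getType())) {
                continue;
            }
            int mask = ((Permission) field.get(null)).getMask();
            String earlier = byMask.put(mask, field.getName());
            if (earlier != null) {
                throw new IllegalStateException("mask " + mask + " is shared by "
                        + earlier + " and " + field.getName());
            }
        }
        return byMask;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(uniqueMasks(MyPermission.class));
        // Same constructor call the resources.groovy bean override makes.
        DefaultPermissionFactory factory = new DefaultPermissionFactory(MyPermission.class);
        Permission byName = factory.buildFromName("APPROVE");
        Permission byMask = factory.buildFromMask(1 << 5);
        if (byName != MyPermission.APPROVE || byMask != MyPermission.APPROVE) {
            throw new IllegalStateException("APPROVE is not registered as expected");
        }
    }
}
```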

Source: https://habr.com/ru/post/1396300/

