How to get a list of domain objects for which a user has permissions for Spring ACL security?

Question

How to get a list of domain objects for which a user has permissions for Spring ACL security?

I'm just starting to use Spring Security ACL. I want to get a list of domain objects for which the user has (any) permissions for.

For example, a system has 1000 “buildings”, a user can have access to any number of these buildings. When a user logs in, I want to present them with a list of the building for which they have permissions.

Something in the lines myAclService.getObjectsForUser ( amyemail@gmail.com , Building.class)

I am starting to think that ACLs do not work in this direction, but this should be a common task, so at least there should be an example of how to achieve this together with ACLs without duplicating data.

Any thoughts are welcome, thanks!

+5

java spring spring-security acl

Tom crowder Apr 7 '15 at 21:49

source share

2 answers

Do you want to use @PostFilter annotations

 @PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, 'admin')") public List<Buildings> getAll();

0

denov Mar 15 '17 at 0:01

source share

lpezet · Accepted Answer · 2015-08-20T21:26:52+0000

I believe that you are correct in what is provided in Spring Security re. ACLs are more from the perspective of an object than from a topic (main).

You can check the SQL code of all AclService with Spring Security, specifically JdbcAclService and JdbcMutableAclService .

How to get a list of domain objects for which a user has permissions for Spring ACL security?

More articles: