Spring ACL to default grant access.
Hello everyone,
I have the following problem: I'm trying to use Spring Security ACL to restrict the objects the user has access to. I have a service that deals with the entities, and that service has 4 methods: create(Class claz), get(Class claz, Long id), save(Object obj), remove(Object obj).
What I've done is I have annotated those methods with
Code:
@PreAuthorize("hasPermission(#model, 'write')")
, and read, create and delete respectively. Next I have created my own
Code:
EntityPKRetrievalStrategy
which extends
Code:
ObjectIdentityRetrievalStrategy
and in case the domain object passed is of type Class, I simply return
Code:
new ObjectIdentityImpl(entity.getClass(), -1L)
Notice the long -1 there. Next I have populated the 4 DB tables ACL_ENTRY, ACL_OBJECT_IDENTITY, ACL_CLASS and ACL_SID, with ACL_OBJECT_IDENTITY having OBJECT_ID_IDENTITY set to -1. It all works great and the logged-in SID is granted access to read the object. The point where I'm stuck is - if the user tries to create a new Entity, with a PK, say 2 or 3 (the PK is auto-increment), then Spring denies access to the method because I have specified ACL_OBJECT_IDENTITY only for OBJECT_ID_IDENTITY -1 :( .. How can I configure Spring, or what do I need to put in my
Code:
EntityPKRetrievalStrategy
to make it work for any entity?
I hope I made it clear enough... if not please let me know and I'll try to clarify.
Cheers.
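One way to get the class-wide default the post asks about, as an added example that is not part of the original post and not Spring's own code: a `PermissionEvaluator` that consults an instance's own ACL first and falls back to the class-level identity (the post's `-1`) only when the instance has no ACL row. The class name is hypothetical, and it is assumed that ACL_CLASS stores the entity's fully qualified class name.

```java
import java.io.Serializable;
import java.util.List;
import java.util.Locale;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
import org.springframework.security.acls.model.*;
import org.springframework.security.core.Authentication;

// Hypothetical evaluator: an instance ACL, when present, is authoritative;
// the class-level ACL (identifier -1, as in the post) is only a default.
public class ClassFallbackPermissionEvaluator implements PermissionEvaluator {
    private static final Long CLASS_LEVEL_ID = -1L; // sentinel taken from the post
    private final AclService aclService;
    private final ObjectIdentityRetrievalStrategy instanceIds;
    private final SidRetrievalStrategy sidStrategy = new SidRetrievalStrategyImpl();
    private final DefaultPermissionFactory permissions = new DefaultPermissionFactory();

    public ClassFallbackPermissionEvaluator(AclService acls, ObjectIdentityRetrievalStrategy ids) {
        this.aclService = acls;
        this.instanceIds = ids;
    }

    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        if (target == null) return false;
        ObjectIdentity oid = (target instanceof Class<?>)
                ? new ObjectIdentityImpl((Class<?>) target, CLASS_LEVEL_ID) // e.g. create(Class)
                : instanceIds.getObjectIdentity(target);                    // e.g. save(Object)
        return check(auth, oid, permission);
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable id, String type, Object permission) {
        return check(auth, new ObjectIdentityImpl(type, id), permission);
    }

    private boolean check(Authentication auth, ObjectIdentity oid, Object permission) {
        List<Sid> sids = sidStrategy.getSids(auth);
        String name = permission.toString().toUpperCase(Locale.ENGLISH); // 'write' -> WRITE
        List<Permission> required = List.of(permissions.buildFromName(name));
        Acl acl;
        try { acl = aclService.readAclById(oid, sids); }
        catch (NotFoundException noInstanceAcl) { // no row for this PK: use the class default
            try { acl = aclService.readAclById(new ObjectIdentityImpl(oid.getType(), CLASS_LEVEL_ID), sids); }
            catch (NotFoundException noClassAcl) { return false; } // nothing configured: deny
        }
        try { return acl.isGranted(required, sids, false); }
        catch (NotFoundException noMatchingAce) { return false; } // ACL exists, no entry for these SIDs
    }
}
```

It needs `spring-security-acl` on the classpath and is registered through `DefaultMethodSecurityExpressionHandler.setPermissionEvaluator(...)` so that `hasPermission(...)` in `@PreAuthorize` uses it.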