Spring ACL to default grant access.
I have the following problem: I'm trying to use Spring Security ACL to restrict the objects the user has access to. I have a service that deals with the entities, and that service has 4 methods: create(Class claz), get(Class claz, Long id), save(Object obj), remove(Object obj).
What I've done is I have annotated those methods with
, and read, create and delete respectfully. Next I have created my own
and in case the domain object passed is of type Class, I simply return
Notice the long -1 there. Next I have populated the 4 DB tables ACL_ENTRY, ACL_OBJECT_IDENTITY, ACL_CLASS and ACL_SID with the ACL_OBJECT_IDENTITY having OBJECT_ID_IDENTITY having -1. It all works great and the logged in SID is granted access to read the object. The point where I'm stuck is - if the user tries to create a new Entity, with a PK, say 2 or 3 (the PK is auto-increment), then spring denies access to the method because I have specified ACL_OBJECT_IDENTITY only for OBJECT_ID_IDENTITY -1 :( .. How can I configure Spring, or what do I need to put in my
new ObjectIdentityImpl(entity.getClass(), -1l)
to make it work for any entity?
I hope I made it clear enough... if not please let me know and I'll try to clarify.