Problem with ACL Service and Apache Derby
I'm having problems getting example 13-7 from the book Spring Recipes (the previous edition which covers Spring 2.5) to update the ACL tables defined in my Apache Derby data base.
From the book, the ACL tables were created using the follow SQL:
Upon attempting to post a message to the example message board web application, the following code gets executed:Code:CREATE TABLE ACL_SID ( ID BIGINT NOT NULL GENERATED BY DEFAULT AS IDENTITY, SID VARCHAR(100) NOT NULL, PRINCIPAL SMALLINT NOT NULL, PRIMARY KEY (ID), UNIQUE (SID, PRINCIPAL) ); CREATE TABLE ACL_CLASS ( ID BIGINT NOT NULL GENERATED BY DEFAULT AS IDENTITY, CLASS VARCHAR(100) NOT NULL, PRIMARY KEY (ID), UNIQUE (CLASS) ); CREATE TABLE ACL_OBJECT_IDENTITY ( ID BIGINT NOT NULL GENERATED BY DEFAULT AS IDENTITY, OBJECT_ID_CLASS BIGINT NOT NULL, OBJECT_ID_IDENTITY BIGINT NOT NULL, PARENT_OBJECT BIGINT, OWNER_SID BIGINT, ENTRIES_INHERITING SMALLINT NOT NULL, PRIMARY KEY (ID), UNIQUE (OBJECT_ID_CLASS, OBJECT_ID_IDENTITY), FOREIGN KEY (PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY, FOREIGN KEY (OBJECT_ID_CLASS) REFERENCES ACL_CLASS, FOREIGN KEY (OWNER_SID) REFERENCES ACL_SID ); CREATE TABLE ACL_ENTRY ( ID BIGINT NOT NULL GENERATED BY DEFAULT AS IDENTITY, ACL_OBJECT_IDENTITY BIGINT NOT NULL, ACE_ORDER INT NOT NULL, SID BIGINT NOT NULL, MASK INTEGER NOT NULL, GRANTING SMALLINT NOT NULL, AUDIT_SUCCESS SMALLINT NOT NULL, AUDIT_FAILURE SMALLINT NOT NULL, PRIMARY KEY (ID), UNIQUE (ACL_OBJECT_IDENTITY, ACE_ORDER), FOREIGN KEY (ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY, FOREIGN KEY (SID) REFERENCES ACL_SID );
The ACL service, defined in it's own bean file (board-acl.xml) is defined as follows:Code:@Override @Secured( { "ROLE_USER" }) @Transactional public synchronized void postMessage(Message message) { message.setId(System.currentTimeMillis()); messages.put(message.getId(), message); ObjectIdentity oid = new ObjectIdentityImpl(Message.class, message .getId()); MutableAcl acl = mutableAclService.createAcl(oid); acl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid( message.getAuthor()), true); acl.insertAce(1, BasePermission.DELETE, new GrantedAuthoritySid( "ROLE_ADMIN"), true); acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid( "ROLE_USER"), true); mutableAclService.updateAcl(acl); }
When attempting to post a message, the following error is reported:Code:<bean id="aclService" class="org.springframework.security.acls.jdbc.JdbcMutableAclService"> <constructor-arg ref="dataSource" /> <constructor-arg ref="lookupStrategy" /> <constructor-arg ref="aclCache" /> <property name="sidIdentityQuery" value="values identity_val_local()" /> <property name="classIdentityQuery" value="values identity_val_local()" /> </bean>
I suspect the problem is with how the identity queries are being defined for the ACL service bean. The book was written to use an older version of Spring Security, as it defined an 'identityQuery' for the JdbcMutableAclService. I'm using Spring Security 2.0.6, which does not define such a property, rather it has the properties 'classIdentityQuery' and 'sidIdentityQuery'.Code:org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.dao.DataIntegrityViolationException: PreparedStatementCallback; SQL [update acl_object_identity set parent_object = ?, owner_sid = ?, entries_inheriting = ? where id = ?]; An attempt was made to get a data value of type '<UNKNOWN>' from a data value of type 'BIGINT'.; nested exception is java.sql.SQLDataException: An attempt was made to get a data value of type '<UNKNOWN>' from a data value of type 'BIGINT'.
Can someone familiar with configuring ACL services with Apache Derby shed some light on the cause of my problem?
Thanks,
Jeff
Reply With Quote
