Spring Security ACL : necessity of "ID" field in domain objects

[ronak.kamdar@gmail.com]

Hi,

I am trying to use the Spring Security ACL to implement domain object level security.

Is it mandatory to have my primary key named as "id" with type as int in the my Application specific tables in order for entry to be inserted into acl_object_identity table?

cant i have my primary key as string and perhaps named for eg employee_code?

[davidof]

I know you can override the id long type using an ObjectIdentityRetrievalStrategy,

e.g.

public class FileNameRetrievalStrategy implements
ObjectIdentityRetrievalStrategy {

public ObjectIdentity getObjectIdentity(Object domainObject) {
String path = (String) domainObject;
return new ObjectIdentityImpl(String.class, path);
}
}

You reference this so:

<beans:bean id="aclArticleWriteVoter"
class="org.springframework.security.acls.AclEntryV oter">
...
<beansroperty name="objectIdentityRetrievalStrategy">
<beans:bean class="com.abcseo.infrastructure.FileNameRetrieval Strategy" />
</beansroperty>

<beansroperty name="processDomainObjectClass" value="java.lang.String" />
</beans:bean>
I assume you could then use a String in the acl_object_identity table rather than a long. You may have to extend the JDBCAclService or maybe you can just set the retrieval SQL. I don't use the standard ACL implementation in my app so I havn't done this.