Thread: Spring Security ACLs with ROO

  1. #1
    Join Date
    Dec 2007
    Location
    Stockholm, Sweden
    Posts
    190

    Spring Security ACLs with ROO

    Hello,

    I am wondering what would be an easy way to integrate Spring Security ACLs with a ROO-based application. One could implement a UserDetails service mapped onto entities generated by ROO, but ACL is ORM independent (or should I say locked out of ORM, as ORM feels free to me).

    There is a schema given in Appendix A of the Spring Security 3.x documentation, and it leads me to believe that it is not easy (perhaps impossible) to generate that schema from ROO/Hibernate schema generation (even with JPA annotations).

    For starters I am just looking into a no-pain CRUD with Users, Organizations (or Groups) and ACLs.
    Shahzada Hatim
    @geoaxis/twitter
    http://hatimonline.com

  2. #2
    Join Date
    Apr 2010
    Posts
    6

    I'm using Hibernate in my Roo web app, too. Because the DDLs given in Appendix A of the Spring Security 3.x documentation vary for different databases (e.g. HSQL and PostgreSQL), I wanted Hibernate to create the DDLs according to the database set by hibernate.dialect.

    Therefore I created some Roo entity classes (which I never use in my application code) for letting Hibernate create the ACL tables. The DDLs created by Hibernate match the DDLs given in Appendix A of the Spring Security 3.x documentation.

    I'm not sure if this is a well-designed solution, but it works.

    Here are my Java classes:

    AclClass.java
    Code:
    import javax.persistence.Column;
    import javax.persistence.Entity;
    import javax.persistence.Table;
    
    import org.springframework.roo.addon.entity.RooEntity;
    import org.springframework.roo.addon.javabean.RooJavaBean;
    import org.springframework.roo.addon.tostring.RooToString;
    
    @Entity
    @RooJavaBean
    @RooToString
    @RooEntity(versionField = "")
    @Table(name = "acl_class")
    public class AclClass {
    	
    	@Column(name = "class", nullable=false, unique=true)
    	private String clazz;
    }
    AclEntry.java
    Code:
    import javax.persistence.Entity;
    import javax.persistence.JoinColumn;
    import javax.persistence.ManyToOne;
    import javax.persistence.Table;
    import javax.persistence.UniqueConstraint;
    import javax.validation.constraints.NotNull;
    
    import org.springframework.roo.addon.entity.RooEntity;
    import org.springframework.roo.addon.javabean.RooJavaBean;
    import org.springframework.roo.addon.tostring.RooToString;
    
    @Entity
    @RooJavaBean
    @RooToString
    @RooEntity(versionField = "")
    @Table(name = "acl_entry", uniqueConstraints = { @UniqueConstraint(columnNames = {
    		"acl_object_identity", "ace_order" }) })
    public class AclEntry {
    
        @NotNull
        @ManyToOne(targetEntity = AclObjectIdentity.class)
        @JoinColumn
        private AclObjectIdentity acl_object_identity;
    
        @NotNull
        private Integer ace_order;
    
        @NotNull
        @ManyToOne(targetEntity = AclSid.class)
        @JoinColumn
        private AclSid sid;
        
        @NotNull
        private Integer mask;
        
        @NotNull
        private boolean granting;
        
        @NotNull
        private boolean audit_success;
        
        @NotNull
        private boolean audit_failure;
    }
    AclObjectIdentity.java
    Code:
    import javax.persistence.Entity;
    import org.springframework.roo.addon.javabean.RooJavaBean;
    import org.springframework.roo.addon.tostring.RooToString;
    import org.springframework.roo.addon.entity.RooEntity;
    import javax.persistence.Table;
    import de.oponion.domain.security.AclClass;
    import javax.validation.constraints.NotNull;
    import javax.persistence.ManyToOne;
    import javax.persistence.JoinColumn;
    import javax.persistence.UniqueConstraint;
    
    import de.oponion.domain.security.AclSid;
    
    @Entity
    @RooJavaBean
    @RooToString
    @RooEntity(versionField = "")
    @Table(name = "acl_object_identity", uniqueConstraints = { @UniqueConstraint(columnNames = {
    		"object_id_class", "object_id_identity" }) })
    public class AclObjectIdentity {
    
        @NotNull
        @ManyToOne(targetEntity = AclClass.class)
        @JoinColumn
        private AclClass object_id_class;
    
        @NotNull
        private Long object_id_identity;
    
        @ManyToOne(targetEntity = de.oponion.domain.security.AclObjectIdentity.class)
        @JoinColumn
        private de.oponion.domain.security.AclObjectIdentity parent_object;
    
        @NotNull
        @ManyToOne(targetEntity = AclSid.class)
        @JoinColumn
        private AclSid owner_sid;
        
        @NotNull
        private boolean entries_inheriting;
    }
    AclSid.java
    Code:
    import javax.persistence.Entity;
    import javax.persistence.Table;
    import javax.persistence.UniqueConstraint;
    import javax.validation.constraints.NotNull;
    
    import org.springframework.roo.addon.entity.RooEntity;
    import org.springframework.roo.addon.javabean.RooJavaBean;
    import org.springframework.roo.addon.tostring.RooToString;
    
    @Entity
    @RooJavaBean
    @RooToString
    @RooEntity(versionField = "")
    @Table(name = "acl_sid", uniqueConstraints = { @UniqueConstraint(columnNames = {
    		"sid", "principal" }) })
    public class AclSid {
    
    	@NotNull
    	private boolean principal;
    
    	@NotNull
    	private String sid;
    
    }

  3. #3
    Join Date
    Dec 2007
    Location
    Stockholm, Sweden
    Posts
    190

    @mikrobi

    I didn't get the time to investigate your solution until this weekend.
    The problem I see is that it does not generate the exact SQL that is prescribed by the schema. I think following the SQL to the letter may not be necessary, but to be on the safe side I am using import.sql of hbm2ddl to populate the DB.
    Shahzada Hatim
    @geoaxis/twitter
    http://hatimonline.com

  4. #4
    Join Date
    Apr 2010
    Posts
    6

    Hmm, what database are you using? Which parts differ from the DDL provided by the doc?

    I'm using HSQL and the tables created by Hibernate are the same as prescribed by the schema. (And ACL is working fine, too.)

    If you are using import.sql of hbm2ddl, you're using native SQL, which may depend on your database...
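
One way to answer the "which parts differ" question from post #4 is to compare the live database with the tables and columns that the entity classes in post #2 map. The following is an added example, not code from the thread or from Spring Security; it assumes a JDBC driver on the classpath and that Roo names each entity's identifier column `id`.

```java
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.util.*;

/** Added example: compares a live schema with the ACL columns mapped in post #2. */
public class AclSchemaCheck {

    // Table -> columns, taken from the entity classes in post #2; "id" is an
    // assumption (the identifier column Roo generates for each entity).
    static final Map<String, List<String>> EXPECTED = new LinkedHashMap<>();
    static {
        EXPECTED.put("acl_sid", Arrays.asList("id", "principal", "sid"));
        EXPECTED.put("acl_class", Arrays.asList("id", "class"));
        EXPECTED.put("acl_object_identity", Arrays.asList("id", "object_id_class",
                "object_id_identity", "parent_object", "owner_sid", "entries_inheriting"));
        EXPECTED.put("acl_entry", Arrays.asList("id", "acl_object_identity", "ace_order",
                "sid", "mask", "granting", "audit_success", "audit_failure"));
    }

    /** Returns "table.column" for every expected column missing from the database. */
    static List<String> missingColumns(Connection con) throws Exception {
        DatabaseMetaData md = con.getMetaData();
        // Lower-case the reported names: HSQL stores unquoted identifiers in upper case.
        Map<String, Set<String>> actual = new HashMap<>();
        try (ResultSet rs = md.getColumns(null, null, "%", "%")) {
            while (rs.next()) {
                String table = rs.getString("TABLE_NAME").toLowerCase(Locale.ROOT);
                String column = rs.getString("COLUMN_NAME").toLowerCase(Locale.ROOT);
                actual.computeIfAbsent(table, k -> new HashSet<>()).add(column);
            }
        }
        List<String> missing = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : EXPECTED.entrySet()) {
            Set<String> cols = actual.getOrDefault(e.getKey(), Collections.emptySet());
            for (String c : e.getValue()) {
                if (!cols.contains(c)) missing.add(e.getKey() + "." + c);
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // args: JDBC URL, user and password of the database hbm2ddl wrote to.
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            List<String> missing = missingColumns(con);
            System.out.println(missing.isEmpty() ? "ACL columns present" : "Missing: " + missing);
        }
    }
}
```

A non-empty result means the ACL lookups would fail on a missing table or column at runtime, so it is worth running after every dialect or naming-strategy change.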
