Uploaded image for project: 'Spring Security'
  1. Spring Security
  2. SEC-1166

Provide strategy interface for AclImpl isGranted() method.

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.1.0.M1
    • Component/s: ACLs
    • Labels:
      None

      Description

      This will allow more flexibility in the way the permission bitmasks are evaluated. The existing auditLogger should be moved to the default implementation, as this is the only place logging occurs in AclImpl.

        Issue Links

          Activity

          Hide
          luke Luke Taylor added a comment -

          Done. See "source" tab for information.

          Show
          luke Luke Taylor added a comment - Done. See "source" tab for information.
          Hide
          veggen Bojan Tomic added a comment -

          Does this mean providing a bitwise comparing strategy is a safe thing to do?

          Show
          veggen Bojan Tomic added a comment - Does this mean providing a bitwise comparing strategy is a safe thing to do?
          Hide
          prietzler Peter Rietzler added a comment -

          It would be nice if DefaultPermissionGrantingStrategy would contain a template method in order to decide if a permission is contained in the given mask - see
          https://gist.github.com/oliverfernandez/36846fcdc03696a7b829
          which is a copy with a new method containsPermission. If DefaultPermissionGrantingStrategy would adopt this with a protected version of containsPermission it would be easier to add stuff like bit-wise permission checking etc.

          Show
          prietzler Peter Rietzler added a comment - It would be nice if DefaultPermissionGrantingStrategy would contain a template method in order to decide if a permission is contained in the given mask - see https://gist.github.com/oliverfernandez/36846fcdc03696a7b829 which is a copy with a new method containsPermission. If DefaultPermissionGrantingStrategy would adopt this with a protected version of containsPermission it would be easier to add stuff like bit-wise permission checking etc.
          Hide
          issuemaster Spring Issuemaster added a comment -
          Show
          issuemaster Spring Issuemaster added a comment - This issue has been migrated to https://github.com/spring-projects/spring-security/issues/1414

            People

            • Assignee:
              luke Luke Taylor
              Reporter:
              luke Luke Taylor
            • Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development