Spring Security
  1. Spring Security
  2. SEC-1308

Jdbc[Mutable]AclService can allow (all) sql statements to be configured

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 2.0.5
    • Fix Version/s: 3.0.0.RC2
    • Component/s: ACLs
    • Labels:
      None

      Description

      I'm providing a candidate patch for consideration. It's an enhancement to jdbc acl service that allows all sql statement strings to be configured by via spring. Please review and incorporate if desired.

      The attached patch contains:
      1) Interface for AclSQLSource (not sure if setters should really be part of this or not. I decided to include them.)
      2) DefaultAclSQLSource - contains the usual Postgres SQL statements and setters for Spring configuration. Additional constructor takes a map with property and sql map entries.
      3) Changes to JdbcAclService and JdbcMutableAclService to read statements from the AclSQLSource.

      ===
      Sample configuration:

      <bean id="sqlSource"
      class="org.springframework.security.acls.jdbc.DefaultAclSQLSource">
      <constructor-arg>
      <map>
      <entry key="classIdentityQuery" value="SELECT ACL_CLASS_ID_SEQ.CURRVAL FROM DUAL" />
      <entry key="sidIdentityQuery" value="SELECT ACL_SID_ID_SEQ.CURRVAL FROM DUAL" />
      <entry key="selectSidPrimaryKey"
      value="select id from acl_sid where principal=DECODE(?,'TRUE','1','Y','1','1','1','FALSE','0','N','0','0','0') and sid=?" />
      <entry key="insertSid"
      value="insert into acl_sid (principal, sid) values (DECODE(?,'TRUE','1','Y','1','1','1','FALSE','0','N','0','0','0'), ?)" />
      </map>
      </constructor-arg>
      </bean>

      <bean id="aclService"
      class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
      <constructor-arg ref="secDataSource" index="0"/>
      <constructor-arg ref="lookupStrategy" index="1"/>
      <constructor-arg ref="aclCache" index="2"/>
      <constructor-arg ref="sqlSource" index="3"/>
      </bean>
      ===

        Issue Links

          Activity

          Hide
          Luke Taylor added a comment -

          I believe this has already been done as part of SEC-925,SEC-1224.

          Show
          Luke Taylor added a comment - I believe this has already been done as part of SEC-925 , SEC-1224 .

            People

            • Assignee:
              Luke Taylor
              Reporter:
              Tim
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: