Home/ Questions/Q 8162403
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T18:41:58+00:00

Can we do both Principle and as-well-as GratedAuthority in acl_sid and give permissions for

  • 0

Can we do both Principle and as-well-as GratedAuthority in acl_sid and give permissions for a object in spring acl security ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes, we can do that. ACL_SID table can take SIDs that are either roles or users.

    Here is a sample insert when it is role:

    insert into acl_sid (principal, sid) values (false, 'ROLE_ADMIN');

    If it is a user principal then the insert will be:

    insert into acl_sid (principal, sid) values (true, 'bob');

    You can also do runtime manipulation of ACL fields using mutable ACL.

    Here is a sample:

    // Prepare the information we'd like in our access control entry (ACE)
ObjectIdentity oi1 = new ObjectIdentityImpl(Foo.class, new Long(44));
ObjectIdentity oi2 = new ObjectIdentityImpl(Bar.class, new Long(44));
Sid user = new PrincipalSid("bob");
Sid adminRole = new GrantedAuthoritySid("ROLE_ADMIN");
Permission p1 = BasePermission.READ;
Permission p2 = BasePermission.ADMINISTRATION;

// Create or update the relevant ACL
MutableAcl acl1 = null;
MutableAcl acl2 = null;
try {
  acl1 = mutableAclService.readAclById(oi1);
} catch (NotFoundException nfe) {
  acl1 = mutableAclService.createAcl(oi1);
}

try {
  acl2 = mutableAclService.readAclById(oi2);
} catch (NotFoundException nfe) {
  acl2 = mutableAclService.createAcl(oi2);
}

// Now grant some permissions via an access control entry (ACE)
acl1.setOwner(user);
acl1.insertAce(0, p1, user, true);
aclService.updateAcl(acl1);
acl2.setOwner(adminRole);
acl2.insertAce(0, p2, adminRole, true);
aclService.updateAcl(acl2);
    • 0