Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to configure Spring ACL without XML file

I am trying to add ACL capabilities to my server. I have configured spring security using java file and would like to add ACL in the same manner. How should I do it? All the tutorials I found used XML file.

SecurityInit:

@Order(1)
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}

SecurityConfig

@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
@Component
@ComponentScan(basePackages = {"test.package"})
public class SecurityConfig extends 

WebSecurityConfigurerAdapter {

...
    @Autowired
    protected void registerAuthentication(UserDetailsService userDetailsService, AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

//  http://stackoverflow.com/a/21100458/162345
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .headers().disable()
                .addFilterBefore(...)
                .addFilterBefore(...)

//                TODO: create a better way to differentiate login to signup
                .exceptionHandling()
                    .authenticationEntryPoint(noRedirectForAnonymous)
                    .and()

                .formLogin()
                    .successHandler(restAuthenticationSuccessHandler)
                    .failureHandler(restAuthenticationFailureHandler)
                    .and()

                .logout()
                    .logoutSuccessHandler(noRedirectLogoutSuccessHandler)
                    .and()

                .authorizeRequests()
                    .antMatchers("/api/keywords/**").permitAll()
                    .antMatchers("/api/**").authenticated();
    }
}
like image 596
special0ne Avatar asked Oct 10 '14 05:10

special0ne


1 Answers

You can configure spring acl with Java configuration class as follow

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class ACLConfig extends GlobalMethodSecurityConfiguration {

@Autowired
DataSource dataSource;

EhCacheBasedAclCache aclCache() {
    EhCacheFactoryBean factoryBean = new EhCacheFactoryBean();
    EhCacheManagerFactoryBean cacheManager = new EhCacheManagerFactoryBean();

    factoryBean.setName("aclCache");
    factoryBean.setCacheManager(cacheManager.getObject());
    return new EhCacheBasedAclCache(factoryBean.getObject());
}


LookupStrategy lookupStrategy() {
    return new BasicLookupStrategy(dataSource, aclCache(), aclAuthorizationStrategy(), new ConsoleAuditLogger());
}


AclAuthorizationStrategy aclAuthorizationStrategy() {
    return new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ACL_ADMIN"),
        new SimpleGrantedAuthority("ROLE_ACL_ADMIN"),
        new SimpleGrantedAuthority("ROLE_ACL_ADMIN"));
}

@Bean
JdbcMutableAclService aclService() {
    JdbcMutableAclService service = new JdbcMutableAclService(dataSource, lookupStrategy(), aclCache());
    service.setClassIdentityQuery("select currval(pg_get_serial_sequence('acl_class', 'id'))");
    service.setSidIdentityQuery("select currval(pg_get_serial_sequence('acl_sid', 'id'))");
    return service;
}

@Bean
AclMasterService masterService() {
    return new AclMasterService();
}

@Override
protected MethodSecurityExpressionHandler createExpressionHandler(){
    DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
    expressionHandler.setPermissionEvaluator(new AclPermissionEvaluator(aclService()));
    return expressionHandler;
}
}

The important aspect of the configuration are extend from

GlobalMethodSecurityConfiguration

override the method

createExpressionHandler

and enable the Pre and Post anotations with the follow anotation at the begining of the class

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)

Now you can use anotations like

@PreAuthorize('hasPermission(#object,read)')

see the Contact sample of Spring Security or the spring security reference guide for more uses of @Pre and @Post anotations. This configuration class was tested on Spring 4 , Spring Security 4.0.1 and Spring Security ACL 3.1.2. If you want configure the authentication you can use a different Java class or override the configure method from this. If you already have a configured ehcache this configuration could not work correctly due to the ehcache is a singleton class and this configuration try to create a new one.

like image 113
JCF Avatar answered Oct 17 '22 16:10

JCF