I faced a strange and unexpected situation with Spring Security ACL when I tried to create an ACL using MutableAclService.createAcl(ObjectIdentity objectIdentity).
The matter is that ObjectIdentity uses the Serializable type for identifiers.
At the same time, my domains use the String type for this purpose. Ids are generated in this way:

    String id = UUID.randomUUID().toString();

And then I try to add an ACL using the following structure:

    ObjectIdentity identity = new ObjectIdentityImpl(clazz, id);
    aclService.createAcl(identity);

After that I get the following exception:

    java.lang.NumberFormatException: For input string: "ad169805-a2d1-4324-ba11-c98cc679e594"

I found that Spring Security ACL uses the Long type for identifiers.
So, the questions are:
Serializable is mentioned everywhere, but in fact it must be long?
P.S. And the SQL data types for identifiers are also numbers - bigserial.
It's been over three years, but I will leave this for anyone still struggling with this one:
As of 2017-2018 (especially from this commit https://github.com/spring-projects/spring-security/commit/6decf1c8ef8e31b0d9de9a2f2b364ce682d8b166#diff-bdb889847e56650fc7c52f9de584ba22 and on), Spring Security ACL started implementing classes to solve this problem.
I am currently using Spring Security ACL 5.2.2.RELEASE, which narrows down the solution of this problem to 2 simple configuration modifications:

    @Bean
    public LookupStrategy lookupStrategy() {
        BasicLookupStrategy basicLookupStrategy = new BasicLookupStrategy(
            dataSource,
            aclCache(),
            aclAuthorizationStrategy(),
            new ConsoleAuditLogger()
        );
        basicLookupStrategy.setAclClassIdSupported(true); // <--- this line
        return basicLookupStrategy;
    }

    @Bean
    public JdbcMutableAclService aclService() {
        JdbcMutableAclService jdbcMutableAclService = new JdbcMutableAclService(dataSource, lookupStrategy(), aclCache());
        jdbcMutableAclService.setAclClassIdSupported(true); // <-- And this line.
        return jdbcMutableAclService;
    }

When using the above configuration, Spring ACL assumes you have an extra field in your table "acl_class" called "class_id_type", which holds the information about what type your entity's ID is. For example, my PostgreSQL definition for this table is as follows:

    create table if not exists acl_class(
        id bigserial not null primary key,
        class varchar(100) not null,
        class_id_type varchar(100),
        constraint unique_uk_2 unique(class)
    );