Spring Security ACL add extra permission

Hi,

The spring security ACL plugin comes with 4 basic permissions.

i.e. READ,WRITE,DELETE,ADMIN

I wanted to know the process of adding more custom permissions to this.

I have total 8 permissions to be allocated to users.

Regards
Lalit

The plugin doesn't provide any permissions - those are from Spring Security, so the process is the same as if you weren't using the plugin. If you want to keep the current 4 permissions and add 4 more, subclass org.springframework.security.acls.domain.BasePermission and add the new ones using the same pattern as the existing ones. If you want different permissions, create a new class modeled after BasePermission that extends AbstractPermission and has your 8 permissions defined similarly.

Burt

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

Hi,

I went for the second option. i.e. describing my own class which extends AbstractPermission class. I am using the same example as given in the tutorial.

Below is the code:

package com.testacl

import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.domain.*;

class MyPermission extends AbstractPermission {
       
        public static final Permission READ = new MyPermission(1 << 0, 'R'); // 1
        public static final Permission WRITE = new MyPermission(1 << 1, 'W'); // 2
        public static final Permission CREATE = new MyPermission(1 << 2, 'C'); // 4
        public static final Permission DELETE = new MyPermission(1 << 3, 'D'); // 8
        public static final Permission ADMINISTRATOR = new MyPermission(1 << 4, 'A'); // 16
        public static final Permission ACCEPT = new MyPermission(1 << 5, 'E'); // 32

        protected MyPermission(int mask) {
           super(mask);
        }

        protected MyPermission(int mask, char code) {
                super(mask, code);
        }
}


Bootstrapping file:

import com.testacl.Report
import com.testacl.Role
import com.testacl.User
import com.testacl.UserRole

import static com.testacl.MyPermission.ADMINISTRATION
import static com.testacl.MyPermission.DELETE
import static com.testacl.MyPermission.READ
import static com.testacl.MyPermission.WRITE
import static com.testacl.MyPermission.ACCEPT


import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.core.context.SecurityContextHolder as SCH


class BootStrap {

   def aclService
   def aclUtilService
   def objectIdentityRetrievalStrategy
   def sessionFactory
   def springSecurityService

   def init = { servletContext ->
      createUsers()
      loginAsAdmin()
      grantPermissions()
      sessionFactory.currentSession.flush()

      // logout
      SCH.clearContext()
   }
...
private void grantPermissions() {
...
aclUtilService.addPermission reports[4], 'user2', ACCEPT
...
}

Below is the error:

[main] ERROR context.GrailsContextLoader  - Error executing bootstraps: Mask '32' does not have a corresponding static Permission
java.lang.IllegalStateException: Mask '32' does not have a corresponding static Permission
        at org.grails.plugins.springsecurity.service.acl.AclService.readAclsById(AclService.groovy:296)
        at org.grails.plugins.springsecurity.service.acl.AclService.readAclById(AclService.groovy:276)
        at org.grails.plugins.springsecurity.service.acl.AclService.readAclById(AclService.groovy:267)
        at org.grails.plugins.springsecurity.service.acl.AclService.updateAcl(AclService.groovy:187)
        at org.grails.plugins.springsecurity.service.acl.AclService$$FastClassByCGLIB$$a1601b11.invoke(<generated>)
        at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
        at org.grails.plugins.springsecurity.service.acl.AclService$$EnhancerByCGLIB$$512d11e5.updateAcl(<generated>)
        at org.grails.plugins.springsecurity.service.acl.AclUtilService.addPermission(AclUtilService.groovy:90)
        at org.grails.plugins.springsecurity.service.acl.AclUtilService$addPermission$0.callCurrent(Unknown Source)
        at org.grails.plugins.springsecurity.service.acl.AclUtilService.addPermission(AclUtilService.groovy:67)
        at org.grails.plugins.springsecurity.service.acl.AclUtilService$$FastClassByCGLIB$$1c3c8eaf.invoke(<generated>)
        at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
        at org.grails.plugins.springsecurity.service.acl.AclUtilService$$EnhancerByCGLIB$$ec59692f.addPermission(<generated>)
        at org.grails.plugins.springsecurity.service.acl.AclUtilService$addPermission.call(Unknown Source)
        at BootStrap.grantPermissions(BootStrap.groovy:89)
        at BootStrap.this$2$grantPermissions(BootStrap.groovy)
        at BootStrap$_closure1.doCall(BootStrap.groovy:36)
        at grails.util.Environment.evaluateEnvironmentSpecificBlock(Environment.java:251)
        at grails.util.Environment.executeForEnvironment(Environment.java:244)
        at grails.util.Environment.executeForCurrentEnvironment(Environment.java:220)
        at org.grails.tomcat.TomcatServer.start(TomcatServer.groovy:212)
        at grails.web.container.EmbeddableServer$start.call(Unknown Source)
        at _GrailsRun_groovy$_run_closure5_closure12.doCall(_GrailsRun_groovy:158)
        at _GrailsRun_groovy$_run_closure5_closure12.doCall(_GrailsRun_groovy)
        at _GrailsSettings_groovy$_run_closure10.doCall(_GrailsSettings_groovy:280)
        at _GrailsSettings_groovy$_run_closure10.call(_GrailsSettings_groovy)
        at _GrailsRun_groovy$_run_closure5.doCall(_GrailsRun_groovy:149)
        at _GrailsRun_groovy$_run_closure5.call(_GrailsRun_groovy)
        at _GrailsRun_groovy.runInline(_GrailsRun_groovy:116)
        at _GrailsRun_groovy.this$4$runInline(_GrailsRun_groovy)
        at _GrailsRun_groovy$_run_closure1.doCall(_GrailsRun_groovy:59)
        at RunApp$_run_closure1.doCall(RunApp:33)
        at gant.Gant$_dispatch_closure5.doCall(Gant.groovy:381)
        at gant.Gant$_dispatch_closure7.doCall(Gant.groovy:415)
        at gant.Gant$_dispatch_closure7.doCall(Gant.groovy)
        at gant.Gant.withBuildListeners(Gant.groovy:427)
        at gant.Gant.this$2$withBuildListeners(Gant.groovy)
        at gant.Gant$this$2$withBuildListeners.callCurrent(Unknown Source)
        at gant.Gant.dispatch(Gant.groovy:415)
        at gant.Gant.this$2$dispatch(Gant.groovy)
        at gant.Gant.invokeMethod(Gant.groovy)
        at gant.Gant.executeTargets(Gant.groovy:590)
        at gant.Gant.executeTargets(Gant.groovy:589)


Kindly let me know if I am doing something wrong or missing something.

Thanks and Regards
Lalit

Based on the example in this post, I think you need to add the following to your permissions class:

class MyPermission extends AbstractPermission {
...

/**
* Registers the public static permissions defined on this class. This is
* mandatory so that the static methods will operate correctly. (copied from
* super class)
*/
static {
  registerPermissionsFor(ExtendedPermission.class);
}

...

}

The registerPermissionsFor() is been deprecated from the latest spring security API.

Instead, we will have to use the DefaultPermissionFactory to make our custom permissions.

class CustomFactory extends DefaultPermissionFactory  {
       
        public CustomFactory() {
                super();
                registerPublicPermissions(MyPermissions.class);
        }
       
   public CustomFactory(Class<? extends Permission> permissionClass) {
           super(permissionClass);
   }
   
   public CustomFactory(Map<String, ? extends Permission> namedPermissions) {
           super(namedPermissions);
   }
}

I was not able to give much time on this as I got busy with some other work. So, I still dont know what else needs to be done after this step.