Grails ACL with Custom Permissions - McMap

About

Grails ACL with Custom Permissions

Asked 13/2, 2012 at 22:35 Answered 15/2, 2012 at 6:35

Solved spring grails permissions acl

A

1

4

Spring Security ACL plugin for grails by default uses the BasePermission class with 4 basic permissions. And uses DefaultFactory to assign this permissions. And AclPermissionEvaluator where this DefaultFactory is assigned.

When use this approach all is fine. I can use

    @PreAuthorize("hasPermission(#report, read)")

Here I provided one of the basic permissions called READ which is defined in BasePermission class.

What I need is my own custom permissions. I've done:

     public class MyPermission extends AbstractPermission{

        public static final Permission APPROVE= new MyPermission(1 << 0, 'a');

        //constructors here..  
     }

1) How correctly assign my custom permission to use it like I used permissions from BasePermission? 2)Should I define my CustomFactory or its possible to use DefaultFactory? 3)If yes, how to set it to existing permission evaluator?

Also another open question. I've played around with subclass of BasePermission, but in that case I should use

    @PreAuthorize("hasPermission(#report, 'approve')")

instead of just

    @PreAuthorize("hasPermission(#report, approve)")

4)Why in case of no single quotes I got the error?

     Class:org.springframework.expression.spel.SpelEvaluationException
     Message:EL1008E:(pos 28): Field or property 'approve' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'

Thanks in advance!

Allotment answered 13/2, 2012 at 22:35 Comment(0)

O

3

You're better off extending org.springframework.security.acls.domain.BasePermission since that way you have all the standard permissions plus yours:

package com.mycompany.myapp.MyPermission;

public class MyPermission extends BasePermission {

   public static final Permission APPROVE = new MyPermission(1 << 5, 'V'); // 32

   protected MyPermission(int mask) {
      super(mask);
   }

   protected MyPermission(int mask, char code) {
      super(mask, code);
   }
}

You need to register it with the permission factory to make it available in expressions; override the aclPermissionFactory bean in grails-app/conf/spring/resources.groovy, passing your class as the constructor argument:

import org.springframework.security.acls.domain.DefaultPermissionFactory
import com.mycompany.myapp.MyPermission

beans = {
   aclPermissionFactory(DefaultPermissionFactory, MyPermission)
}

The reason it works unquoted with standard permissions is that MethodSecurityExpressionRoot has constants for the standard permissions:

public final String read = "read";
public final String write = "write";
public final String create = "create";
public final String delete = "delete";
public final String admin = "administration";

but there isn't one for yours, so you need to quote it to force a lookup in your permission class.

Osteotome answered 15/2, 2012 at 6:35 Comment(3)

Thanks for you answer! It helpful. But may clarify, where is correct to override the aclPermissionFactory bean? Directly in plugin in SpringSecurityAclGrailsPlugin.groovy? Because, by default all plugins stored in %USER_HOME%/... and that means if somebody else checkout this project he will get default configuration. – Allotment 15/2, 2012 at 18:8

No - avoid editing plugin code. Do this in grails-app/conf/spring/resources.groovy - I edited the answer to clarify this. – Osteotome 15/2, 2012 at 18:25

Is there a way to extend MethodSecurityExpressionRoot so I don't have to use the quotes? I do not like that it is not consistent and you have to know that some permissions need quotes and some don't – Dished 29/11, 2012 at 21:19

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.