How can I paginate with Spring Security, Hibernate and row level ACL

Asked 27/10, 2013 at 16:43 Answered 28/10, 2016 at 2:7

hibernate spring-security pagination recursive-query spring-security-acl

I'm reading about Spring Security and wonder whether it's possible to use Spring ACL together with hibernate and pagination. The resulting SQL is surely scary but possible to be auto-generated. It's even possible to use hierarchical ACL if the database supports recursive query evaluation.

Using a post filter is no solution since it breaks pagination and is an unnecessary overhead compared to ACL filtering inside the database.

So I actually have the pieces to build a solution. I want to know whether somebody has already done it.

Links:

Similar question from 2012 without response
link list about this question

Adim answered 27/10, 2013 at 16:43 Comment(0)

Yes there are solutions to your challenge. The field is called dynamic data masking and dynamic data filtering.

The idea is that you will have a proxy sit between your application and database. The proxy will apply the filtering such that only relevant authorized data is returned to the app hence keeping pagination intact.

Have a look at:

GreenSQL
Axiomatics Data Access Filter MD (demo)

Sarad answered 25/11, 2015 at 23:44 Comment(0)

The way I dealing with this is first by getting a list of IDs my user has access to with the solution I gave here.

I then uses this list of IDs to do a query IN with that list.

Heartland answered 28/10, 2016 at 2:7 Comment(1)

What is the list of IDs grows significantly? Did you encounter any such situation? – Grassgreen 26/10, 2018 at 20:15

Recommended topics

Hot tags