Java – Can someone explain Spring Security BasePermission.CREATE?
I'm developing a project involving Spring Security ACL, and I came across the create permission, BasePermission.CREATE. Can someone please explain how this should work or what it allows someone to do?
My understanding is that each object has an ACL, each ACL has many ACEs, and each ACE has a Sid and a Permission. If you have to create an object to attach an ACL to it, how do you grant the object permission to create it?
Solution
Spring Security grants permissions to domain objects indirectly, through the ObjectIdentity interface.
As you mentioned, the usual situation is that you first create or obtain a domain object, and then construct an ObjectIdentityImpl for the domain object:
MyDomainObject secured = new MyDomainObject();
ObjectIdentity securedIdentity = new ObjectIdentityImpl(secured);
Then use the ObjectIdentity instance to retrieve the ACL using the Spring Security framework.
However, this is not the only way to use object identities. You can pass a reference to an ObjectIdentity that is not an actual business object, but that has some way of identifying the object if it were created.
For example, imagine that we want to protect files. We can create an ObjectIdentity with the java.io.File instance to be protected. The File object in the identity is only a reference to the file - it is not an actual file - the file may not even exist, but we have an ObjectIdentity, and then we can reason about security and obtain an ACL for it.
This pattern can be applied to any type of domain object. Create a DomainObjectPrototype implementation that describes the domain object in terms of the domain functions required to protect it, but does not actually need a reference to the domain object. You can think of this as the details that some service actually needs in order to create the domain object.
PS: Let me admit that I have never used Spring Security, but after reading the example, the design pattern seems very clear to me.
Edit: I've updated this to make it clearer - there's no need to create an implementation of ObjectIdentity, as I originally wrote.
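The pattern described in the answer above, as an added example that is not part of the original post and is not Spring Security's own code: an ObjectIdentity is built from a file path before the file exists, and BasePermission.CREATE is checked against the ACL stored for that identity. The class GuardedFileCreator and its methods are hypothetical; the sketch assumes an ACL for the path identity was provisioned in advance and that the configured AclService accepts String identifiers.

```java
import java.io.File;
import java.io.IOException;
import java.util.List;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.Authentication;

// Hypothetical service, added for illustration; not part of Spring Security.
public class GuardedFileCreator {
    private final AclService aclService;
    public GuardedFileCreator(AclService aclService) {
        this.aclService = aclService;
    }

    // Identity by canonical path (no ../ aliases); the file need not exist yet.
    static ObjectIdentity identityFor(File file) throws IOException {
        return new ObjectIdentityImpl(File.class, file.getCanonicalPath());
    }

    boolean mayCreate(File file, Authentication auth) throws IOException {
        List<Sid> sids = List.of(new PrincipalSid(auth));
        List<Permission> required = List.of(BasePermission.CREATE);
        try {
            Acl acl = aclService.readAclById(identityFor(file), sids);
            return acl.isGranted(required, sids, false);
        } catch (NotFoundException e) {
            // No ACL for this identity, or no ACE for these Sids: fail closed.
            return false;
        }
    }

    public File create(File file, Authentication auth) throws IOException {
        if (!mayCreate(file, auth)) {
            throw new AccessDeniedException("CREATE not granted on " + file.getPath());
        }
        if (!file.createNewFile()) {
            throw new IOException("File already exists: " + file.getPath());
        }
        return file;
    }
}
```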