Last active
March 3, 2021 16:33
Spring Data ACL permission filtering support for persistence layer
| import lombok.*; | |
| import org.springframework.data.annotation.Immutable; | |
| import javax.persistence.*; | |
/**
 * JPA mapping of one row of the {@code acl_class} table: a generated id plus the value of
 * the {@code class} column.
 *
 * <p>Lombok generates getters only, so instances cannot be changed after construction.
 *
 * <p>NOTE(review): {@code @Immutable} resolves to
 * {@code org.springframework.data.annotation.Immutable} (see this file's imports). Whether
 * the JPA provider treats the entity as read-only because of that annotation is not
 * established here - confirm, and make sure no repository exposes save/delete for ACL rows,
 * since the all-args constructor lets application code build new instances.
 */
@Entity
@Table(name = "acl_class")
@Immutable
@Getter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
public final class AclClass {

    /** Surrogate key, assigned by the database (identity column). */
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    /** Value of the {@code class} column; presumably the domain class name - confirm. */
    @Column(name = "class", nullable = false)
    private String className;
}
| import lombok.*; | |
| import org.springframework.data.annotation.Immutable; | |
| import javax.persistence.*; | |
/**
 * JPA mapping of one row of the {@code acl_entry} table. The pair
 * ({@code acl_object_identity}, {@code ace_order}) is declared unique.
 *
 * <p>Lombok generates getters only, so instances cannot be changed after construction.
 *
 * <p>NOTE(review): a permission filter built on this entity must not match on {@code mask}
 * alone. In Spring Security's ACL model an entry with {@code granting == false} is a denial,
 * and entries are evaluated in {@code aceOrder}; a query that ignores either can return
 * objects the regular ACL check would refuse. The query code is not part of this file -
 * confirm how it treats both columns.
 *
 * <p>NOTE(review): the generated {@code toString()} includes the nested object identity and
 * SID, so logging an entry also logs the principal or authority name.
 */
@Entity
@Table(
        name = "acl_entry",
        uniqueConstraints = @UniqueConstraint(
                name = "_ak_acl_object_identity_ace_order",
                columnNames = {"acl_object_identity", "ace_order"}))
@Immutable
@Getter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
public final class AclEntry {

    /** Surrogate key, assigned by the database (identity column). */
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    /** Object identity this entry belongs to; mandatory. */
    @ManyToOne(optional = false)
    @JoinColumn(name = "acl_object_identity", referencedColumnName = "id", nullable = false)
    private AclObjectIdentity aclObjectIdentity;

    /** Position of the entry within its object identity's list. */
    @Column(name = "ace_order", nullable = false)
    private int aceOrder;

    /** Security identity the entry applies to; mandatory. */
    @ManyToOne(optional = false)
    @JoinColumn(name = "sid", referencedColumnName = "id", nullable = false)
    private AclSid aclSid;

    /** Permission mask stored for this entry. */
    @Column(name = "mask", nullable = false)
    private int mask;

    /** Value of the {@code granting} column; see the class note on denial entries. */
    @Column(name = "granting", nullable = false)
    private boolean granting;

    /** Value of the {@code audit_success} column. */
    @Column(name = "audit_success", nullable = false)
    private boolean auditSuccess;

    /** Value of the {@code audit_failure} column. */
    @Column(name = "audit_failure", nullable = false)
    private boolean auditFailure;
}
| import org.springframework.data.domain.Page; | |
| import org.springframework.data.domain.Pageable; | |
| import org.springframework.data.jpa.domain.Specification; | |
| import org.springframework.data.jpa.repository.JpaRepository; | |
| import org.springframework.data.repository.NoRepositoryBean; | |
| import org.springframework.security.acls.model.Permission; | |
| import java.util.List; | |
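/**
 * ACL specific extension of {@link JpaRepository}. Adds {@code findAll} variants that filter
 * the returned collection by an ACL {@link Permission}.
 *
 * <p>Only the contract is declared here; the implementation is not part of this file. None of
 * the methods takes a security identity, so the implementation has to determine the caller's
 * SIDs itself (presumably from the current security context - confirm).
 *
 * <p>NOTE(review): for the filter to agree with the regular ACL decision, an implementation
 * should apply the permission restriction inside the query (so paged results and their total
 * counts never include rows the caller may not see), should count only granting entries, and
 * should decide explicitly how parent ACLs are handled. A caller must not treat an object's
 * absence from a result as the only access check on write paths.
 *
 * @param <T> Entity domain type
 * @param <ID> Unique identifier's type
 * @author 0x1C1B
 */
@NoRepositoryBean
public interface AclJpaRepository<T, ID> extends JpaRepository<T, ID> {

    /**
     * Finds all available entities filtered by ACL permission.
     *
     * @param permission Permission filter criteria
     * @return Returns a list of all matching entities
     */
    List<T> findAll(Permission permission);

    /**
     * Fetches all available entities filtered by ACL permission as a {@link Page}.
     *
     * @param pageable Paging and sorting request for the result
     * @param permission Permission filter criteria
     * @return Returns a Page of entities matching the permission criteria
     */
    Page<T> findAll(Pageable pageable, Permission permission);

    /**
     * Finds all available entities filtered by ACL permission and matching the given
     * {@link Specification}.
     *
     * @param spec Given specification
     * @param permission Permission filter criteria
     * @return Returns a list of all matching entities
     */
    List<T> findAll(Specification<T> spec, Permission permission);

    /**
     * Fetches all available entities matching the given {@link Specification} and
     * filtered by ACL permission as a {@link Page}.
     *
     * @param spec Given specification
     * @param pageable Paging and sorting request for the result
     * @param permission Permission filter criteria
     * @return Returns a Page of entities matching the permission criteria
     */
    Page<T> findAll(Specification<T> spec, Pageable pageable, Permission permission);
}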
| import lombok.*; | |
| import org.springframework.data.annotation.Immutable; | |
| import javax.persistence.*; | |
/**
 * JPA mapping of one row of the {@code acl_object_identity} table. The pair
 * ({@code object_id_class}, {@code object_id_identity}) is declared unique.
 *
 * <p>Lombok generates getters only, so instances cannot be changed after construction.
 *
 * <p>NOTE(review): Spring Security's reference ACL schema also has an
 * {@code entries_inheriting} column on this table; it is not mapped here. A filter that
 * follows {@code parentObject} therefore cannot tell from this entity whether inheritance is
 * switched on for a row - confirm how the query layer handles inherited entries.
 *
 * <p>NOTE(review): the generated {@code equals}, {@code hashCode} and {@code toString}
 * include {@code parentObject} and so walk the whole parent chain; a cycle in the
 * {@code parent_object} data would make them recurse without end.
 */
@Entity
@Table(
        name = "acl_object_identity",
        uniqueConstraints = @UniqueConstraint(
                name = "_ak_object_id_class_object_id_identity",
                columnNames = {"object_id_class", "object_id_identity"}))
@Immutable
@Getter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
public final class AclObjectIdentity {

    /** Surrogate key, assigned by the database (identity column). */
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    /** Row of {@code acl_class} naming the secured object's type; mandatory. */
    @ManyToOne(optional = false)
    @JoinColumn(name = "object_id_class", referencedColumnName = "id", nullable = false)
    private AclClass objectIdClass;

    /** Identifier of the secured object; mapped as {@code Long}, so only numeric ids fit. */
    @Column(name = "object_id_identity", nullable = false)
    private Long objectIdIdentity;

    /** Optional parent identity (self-reference); the join column is nullable. */
    @ManyToOne
    @JoinColumn(name = "parent_object", referencedColumnName = "id")
    private AclObjectIdentity parentObject;

    /** Security identity recorded in {@code owner_sid}; mandatory. */
    @ManyToOne(optional = false)
    @JoinColumn(name = "owner_sid", referencedColumnName = "id", nullable = false)
    private AclSid ownerSid;
}
| import lombok.*; | |
| import org.springframework.data.annotation.Immutable; | |
| import javax.persistence.*; | |
/**
 * JPA mapping of one row of the {@code acl_sid} table. The pair ({@code sid},
 * {@code principal}) is declared unique.
 *
 * <p>Lombok generates getters only, so instances cannot be changed after construction.
 *
 * <p>NOTE(review): the same {@code sid} string may exist once with {@code principal == true}
 * and once with {@code principal == false}; a filter that compares the string without the
 * flag can confuse a user name with an authority of the same name. The generated
 * {@code toString()} prints the {@code sid} value, so it ends up in any log that prints this
 * entity.
 */
@Entity
@Table(
        name = "acl_sid",
        uniqueConstraints = @UniqueConstraint(
                name = "_ak_sid_principal",
                columnNames = {"sid", "principal"}))
@Immutable
@Getter
@ToString
@EqualsAndHashCode
@NoArgsConstructor
@AllArgsConstructor
public final class AclSid {

    /** Surrogate key, assigned by the database (identity column). */
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    /** Value of the {@code principal} column; presumably true for a user name - confirm. */
    @Column(name = "principal", nullable = false)
    private boolean principal;

    /** Security identity string, at most 100 characters. */
    @Column(name = "sid", nullable = false, length = 100)
    private String sid;
}
Hi, this is great! Do you have any usage examples that I can check? Thanks in advance!