使用Spring Security ACL [英] Using Spring Security ACL

问题描述

我正在尝试在我的应用程序中实现Spring Security ACL.我有很多要在其上使用ACL的类.

I am trying to implement Spring Security ACL in my application. I have many classes that I want to use an ACL on.

我在文档中读到以前曾经成功使用过AOP.这是否意味着所有服务都应具有一个公共接口，以对对象进行CRUD，以最大程度地重用建议?

I read in the documentation that AOP have been used with success before. Does this mean that all the services should have a common interface for doing CRUD against the objects for maximum reuse of the advise?

还是在服务的保存，更新，删除方法中手动插入，删除，...是正常的吗?

Or is it normal to manually insert, delete, ... in the save, update, delete methods of the service?

我无法找到许多有关人们如何使用框架的示例.

I can't manage to find many examples of how people use the framework.

推荐答案

这一切都取决于您的应用程序.具有集中的服务层次结构无疑会使实现针对创建/检索/更新/删除方法的单个安全检查变得更加简单.但是，如果您现有的应用程序具有不同的服务，而这些服务不一定具有相同的父实现，那么就必须在每个服务方法上添加ALC安全注释.

It all depends on your app. Having a centralized hierarchy of services would certainly make it simpler to implement single security checks for create/retrieve/update/delete methods. But you have an existing app with different services that don't necessarily have a common parent implementation, then you'd have to add ALC security annotation on each service method.

另一种选择是将ACL安全性放在您的DAO层上，它可以正常工作，但是由于某种原因感觉不对.恕我直言，DAO不应处理诸如安全性之类的事情.我已经花了很多时间来处理Spring Security ACL，到目前为止已经掌握了相当不错的方法，如果您需要任何具体的例子，请查我.

Another option is to put ACL security on your DAO layer, it works fine, but for some reason just doesn't feel right. IMHO DAO's shouldn't deal with things like security. I've spent a LOT of time dealing with Spring Security ACL, got a pretty good handle on it by now, ping me if you need any concrete examples.

这篇关于使用Spring Security ACL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！