具有自定义权限的Grails ACL [英] Grails ACL with Custom Permissions

问题描述

默认情况下，Grails的Spring Security ACL插件使用具有4个基本权限的BasePermission类。并使用DefaultFactory分配此权限。和AclPermissionEvaluator分配给这个DefaultFactory。

使用这种方法一切都很好。我可以使用

  @PreAuthorize（hasPermission（#report，read））
  

这里我提供了一个名为READ的基本权限，它在BasePermission类中定义。

我需要的是我自己的自定义权限。
我已经完成：

  public class MyPermission extends AbstractPermission {
 
 public static final Permission APPROVE = new MyPermission（1 <<0，'a'）; 
 
 //这里的构造函数.. 
} 
  

<1>如何正确地分配我的自定义权限来使用它，就像我使用BasePermission的权限一样？
2）我应该定义我的CustomFactory还是可能使用DefaultFactory？
3）如果是，如何将其设置为现有权限评估者？

另一个未解决的问题。我已经玩过BasePermission的子类，但在这种情况下，我应该使用

pre $ @ $ PreAuthorize（hasPermission（#report， 'b


$ b

而不仅仅是

  @PreAuthorize（hasPermission（#report，approve））
  

$ b $为什么在没有单引号的情况下，我得到了错误？

  Class：org.springframework.expression。 spel.SpelEvaluationException 
消息：EL1008E :(位置28）：无法在'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'类型的对象上找到字段或属性'approve'
 < 
 
解决方案
 p>您最好扩展 org.springframework.security.acls.domain.BasePermission ，因为这样您拥有所有标准权限加上您的权限：
  package com.mycompany.myapp.My允许; 
 $ b $ public class MyPermission extends BasePermission {
 
 public static final Permission APPROVE = new MyPermission（1 <<5，'V'）; // 32 
 
保护MyPermission（int mask）{
 super（mask）; 
 
 
 protected MyPermission（int mask，char code）{
 super（mask，code）; 
 
 
 $ / code> 
您需要在许可工厂注册才能制作它在表达式中可用;覆盖 grails-app / conf / spring / resources.groovy 中的 aclPermissionFactory  bean，将您的类作为构造函数参数传递：
  import org.springframework.security.acls.domain.DefaultPermissionFactory 
 import com.mycompany.myapp.MyPermission 
 
 beans = {
 aclPermissionFactory（DefaultPermissionFactory，MyPermission）
} 
  
它使用标准权限不加引用的原因是 MethodSecurityExpressionRoot 具有标准权限的常量： 
 
 
  public final String read =read; 
 public final String write =write; 
 public final String create =create; 
 public final String delete =delete; 
 public final String admin =administration; 
  
但是没有一个适合您，所以您需要引用它来强制在您的权限类。
 
Spring Security ACL plugin for grails by default uses the BasePermission class with 4 basic permissions. And uses DefaultFactory to assign this permissions. And AclPermissionEvaluator where this DefaultFactory is assigned.

When use this approach all is fine. I can use
    @PreAuthorize("hasPermission(#report, read)")
Here I provided one of the basic permissions called READ which is defined in BasePermission class.

What I need is my own custom permissions.
I've done:
     public class MyPermission extends AbstractPermission{

        public static final Permission APPROVE= new MyPermission(1 << 0, 'a');

        //constructors here..  
     }
1) How correctly assign my custom permission to use it like I used permissions from BasePermission?
2)Should I define my CustomFactory or its possible to use DefaultFactory? 
3)If yes, how to set it to existing permission evaluator?

Also another open question. I've played around with subclass of BasePermission, but in that case I should use
    @PreAuthorize("hasPermission(#report, 'approve')")
instead of just
    @PreAuthorize("hasPermission(#report, approve)")
4)Why in case of no single quotes I got the error?
     Class:org.springframework.expression.spel.SpelEvaluationException
     Message:EL1008E:(pos 28): Field or property 'approve' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'
Thanks in advance!
解决方案
You're better off extending org.springframework.security.acls.domain.BasePermission since that way you have all the standard permissions plus yours:
package com.mycompany.myapp.MyPermission;

public class MyPermission extends BasePermission {

   public static final Permission APPROVE = new MyPermission(1 << 5, 'V'); // 32

   protected MyPermission(int mask) {
      super(mask);
   }

   protected MyPermission(int mask, char code) {
      super(mask, code);
   }
}
You need to register it with the permission factory to make it available in expressions; override the aclPermissionFactory bean in grails-app/conf/spring/resources.groovy, passing your class as the constructor argument:
import org.springframework.security.acls.domain.DefaultPermissionFactory
import com.mycompany.myapp.MyPermission

beans = {
   aclPermissionFactory(DefaultPermissionFactory, MyPermission)
}
The reason it works unquoted with standard permissions is that MethodSecurityExpressionRoot has constants for the standard permissions:
public final String read = "read";
public final String write = "write";
public final String create = "create";
public final String delete = "delete";
public final String admin = "administration";
but there isn't one for yours, so you need to quote it to force a lookup in your permission class.

                        
这篇关于具有自定义权限的Grails ACL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！