App Engine数据存储上的Spring Security ACL [英] Spring Security ACL on App Engine Datastore

问题描述

我们正在使用Spring Security ACL基础设施与App Engine数据存储相结合。我们不使用底层的Datastore API，而是使用Objectify框架来访问Datatstore。我们需要将Spring Security ACL模型（适用于RDBMS）转换为更适合于无模式面向对象数据存储的模型。到目前为止，我们已经结束了两个实体描述如下。

Acl

• id：Long


• domainObject：键（祖先/父母）


• 条目：List< AclEntry> （嵌入式）
  
• 所有者：字符串

AclEntry

• sid：String


• 主体：布尔值


• 掩码：int


• 授予：boolean

几乎每次ACL被已知的domainObject（而不是ACL id）检索和因此我们决定使用域对象作为给定ACL的祖先，这样我们就可以使用祖先查询（强一致性）并获取对ACL来说至关重要的最新数据。

问题是，这样的模型对于像什么[实体]具有给定用户（sid）访问权限的查询是不够的。其中[实体]可以是任何可用的实体，如项目，组... ...

有没有人在NoSQL数据库上运行Spring Security ACL，尤其是在App Engine上数据存储？任何提示都将不胜感激。

解决方案

您可能会认为我的答案一开始就是关闭的，但您的问题超出了Spring Security ：您需要更改您的数据方法。

如果您使用的是无数据库数据存储，则允许您的应用扩展，而不是结构化您的应用程序围绕您的数据。

您需要根据您的用例为您的实体建模，而不是紧密地将它们放入为RDBMS构建的框架中。
这是性能恕我直言的权衡。

如果您不愿意交易结构以获得效果，这可能意味着您的应用程序更适合Google Cloud SQL ：）

我可能错了：告诉我们更多关于您的用例的信息？这就是你如何通过NoSQL数据库得到有用的建议。

We are using Spring Security ACL infrastructure in conjuction with App Engine Datastore. We do not use low-level Datastore API but rather we use Objectify framework to access Datatstore. We need to transform Spring Security ACL model (suitable for RDBMS) into model more suitable for schema-less object-oriented Datastore. So far we have ended up with two entities described below.

Acl

• id: Long
• domainObject: Key (ancestor/parent)
• entries: List<AclEntry> (embedded)
• owner: String

AclEntry

• sid: String
• principal: boolean
• mask: int
• granting: boolean

Almost every time the ACL is being retrieved by the known domainObject (not by ACL id) and hence we decided to use the domain object as an ancestor for the given ACL so that we can use ancestor query (strong consistent) and get most up-to-date data that is crucial in case of ACL

The thing is that such a model is not sufficient for queries like "What [entities] has the given user (sid) access to?" where [entities] can be any available entity like a project, group, ...

Does anyone have some experience with running Spring Security ACL on NoSQL database especially on App Engine Datastore? Any hint would be appreciated.

解决方案

You'll probably think my answer is off at first, but your issue is beyond Spring Security : you need to change your approach of data.

If you're using your using a "NO SQL" datastore, it's to allow your app to scale, not to structure your app around your data.

You need to model your entities based on your use cases, not tight fit them in a framework that was built for RDBMS. That's the tradeoff for performance IMHO.

If you're not willing to trade structure for performance, it probably means your application is more suited for Google Cloud SQL :)

I may be wrong though : tell us more about your use case? that's how you will get helpful advice with a "NoSQL" database.

这篇关于App Engine数据存储上的Spring Security ACL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！