Over a million developers have joined DZone.

Configure Domain Object Security (ACL) With Spring Security 3 and Oracle XE

· Java Zone

Navigate the Maze of the End-User Experience and pick up this APM Essential guide, brought to you in partnership with CA Technologies

I recently configured a domain object's security with Spring Security 3 and Oracle. Since I couldn't find much about that topic, I thought that I would share my solution. I assume that you are familiar with Spring and will not describe how to configure the base application.

First we need the four tables for the default JDBC implementation of Spring-Security acl.
These are:

ACL_SID


ACL_CLASS


ACL_OBJECT_IDENTITY


ACL_ENTRY


We also need a trigger for the id of each table. You can create a trigger for each table with the following script. Don't forget to replace the red marked names for each table.

In our applicationContext we need a dataSource bean for the Oracle XE database:

After this preparation we can configure the Spring Security acl with Spring-el. I used an extra context file called "applicationContext-ACL.xml". For an Oracle DB we need to adapt the identity queries the acl service uses like the following:



Look at my example applicationContext-ACL.xml for the other required bean configurations.

Now you can use the aclService to create acl entiries for your business objects and the Pre- and Post- Authorize or Filter annotations to protect them.

Also have a look at the Spring documentation:
Domain Object Security (ACLs)
@Pre and @Post Annotations
ACL Schema

Thrive in the application economy with an APM model that is strategic. Be E.P.I.C. with CA APM.  Brought to you in partnership with CA Technologies.

Topics:

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}