Over a million developers have joined DZone.

Configure Domain Object Security (ACL) With Spring Security 3 and Oracle XE

· Java Zone

Learn more about Kotlin, a new programming language designed to solve problems that software developers face every day brought to you in partnership with JetBrains.

I recently configured a domain object's security with Spring Security 3 and Oracle. Since I couldn't find much about that topic, I thought that I would share my solution. I assume that you are familiar with Spring and will not describe how to configure the base application.

First we need the four tables for the default JDBC implementation of Spring-Security acl.
These are:

ACL_SID


ACL_CLASS


ACL_OBJECT_IDENTITY


ACL_ENTRY


We also need a trigger for the id of each table. You can create a trigger for each table with the following script. Don't forget to replace the red marked names for each table.

In our applicationContext we need a dataSource bean for the Oracle XE database:

After this preparation we can configure the Spring Security acl with Spring-el. I used an extra context file called "applicationContext-ACL.xml". For an Oracle DB we need to adapt the identity queries the acl service uses like the following:



Look at my example applicationContext-ACL.xml for the other required bean configurations.

Now you can use the aclService to create acl entiries for your business objects and the Pre- and Post- Authorize or Filter annotations to protect them.

Also have a look at the Spring documentation:
Domain Object Security (ACLs)
@Pre and @Post Annotations
ACL Schema

The Java Zone is brought to you in partnership with JetBrains.  Discover how powerful static code analysis and ergonomic design make development not only productive but also an enjoyable experience.

Topics:

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}