SEC-166: Add Oracle scripts to ACL section.

Ben Alex 2006-05-23 10:34:13 +00:00
parent 6b5fc1efce
commit ad1127f1d6

@ -26,7 +26,7 @@
<subtitle>Reference Documentation</subtitle> <subtitle>Reference Documentation</subtitle>
<releaseinfo>1.0.0 RC 2</releaseinfo> <releaseinfo>1.0.0</releaseinfo>
<authorgroup> <authorgroup>
<author> <author>
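Review bot: The releaseinfo change from 1.0.0 RC 2 to 1.0.0 is unrelated to the commit subject (SEC-166, Oracle scripts for the ACL section). Suggest moving the version bump to its own commit, or at least mentioning it in the message, so the release change can be found in history.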
@ -1846,13 +1846,14 @@ public aspect DomainObjectInstanceSecurityAspect implements InitializingBean {
username and other properties you deem relevant.</para> username and other properties you deem relevant.</para>
<para>Advanced tip &amp; word to the wise: the <para>Advanced tip &amp; word to the wise: the
<literal>SiteminderAuthenticationProcessingFilter</literal> actually extends <literal>SiteminderAuthenticationProcessingFilter</literal> actually
<literal>AuthenticationProcessingFilter</literal> and thus additionally supports form extends <literal>AuthenticationProcessingFilter</literal> and thus
validation. If you configure the filter to support both, and code additionally supports form validation. If you configure the filter
your <literal>daoAuthenticationProvider</literal> to match the to support both, and code your
username and passwords as described above, you'll potentially defeat <literal>daoAuthenticationProvider</literal> to match the username
any security you have in place if the web server's Siteminder agent and passwords as described above, you'll potentially defeat any
is deactivated. Don't do this, especially in production!</para> security you have in place if the web server's Siteminder agent is
deactivated. Don't do this, especially in production!</para>
</sect3> </sect3>
</sect2> </sect2>
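Review bot: Whitespace-only reflow of the SiteminderAuthenticationProcessingFilter warning paragraph does not belong in this commit; the wording is identical on both sides. Suggest dropping the re-wrap so that anyone checking history for changes to this security warning does not have to compare it word by word.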
@ -5150,7 +5151,54 @@ INSERT INTO acl_permission VALUES (null, 6, 'scott', 1);</programlisting></para>
<para>As can be seen, database-specific constraints are used <para>As can be seen, database-specific constraints are used
extensively to ensure the integrity of the ACL information. If you extensively to ensure the integrity of the ACL information. If you
need to use a different database (Hypersonic SQL statements are shown need to use a different database (Hypersonic SQL statements are shown
above), you should try to implement equivalent constraints.</para> above), you should try to implement equivalent constraints. The
equivalent Oracle configuration is:</para>
<para><programlisting>CREATE TABLE ACL_OBJECT_IDENTITY (
ID number(19,0) not null,
OBJECT_IDENTITY varchar2(255) NOT NULL,
PARENT_OBJECT number(19,0),
ACL_CLASS varchar2(255) NOT NULL,
primary key (ID)
);
ALTER TABLE ACL_OBJECT_IDENTITY ADD CONTRAINT FK_PARENT_OBJECT foreign key (ID) references ACL_OBJECT_IDENTITY
CREATE SEQUENCE ACL_OBJECT_IDENTITY_SEQ;
CREATE OR REPLACE TRIGGER ACL_OBJECT_IDENTITY_ID
BEFORE INSERT ON ACL_OBJECT_IDENTITY
FOR EACH ROW
BEGIN
SELECT ACL_OBJECT_IDENTITY_SEQ.NEXTVAL INTO :new.id FROM dual;
END;
CREATE TABLE ACL_PERMISSION (
ID number(19,0) not null,
ACL_OBJECT_IDENTITY number(19,0) NOT NULL,
RECIPIENT varchar2(255) NOT NULL,
MASK number(19,0) NOT NULL,
primary key (ID)
);
ALTER TABLE ACL_PERMISSION ADD CONTRAINT UNIQUE_ID_RECIPIENT unique (acl_object_identity, recipient);
CREATE SEQUENCE ACL_PERMISSION_SEQ;
CREATE OR REPLACE TRIGGER ACL_PERMISSION_ID
BEFORE INSERT ON ACL_PERMISSION
FOR EACH ROW
BEGIN
SELECT ACL_PERMISSION_SEQ.NEXTVAL INTO :new.id FROM dual;
END;
&lt;bean id="basicAclExtendedDao" class="org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl"&gt;
&lt;property name="dataSource"&gt;
&lt;ref bean="dataSource"/&gt;
&lt;/property&gt;
&lt;property name="objectPropertiesQuery" value="${acegi.objectPropertiesQuery}"/&gt;
&lt;/bean&gt;
&lt;prop key="acegi.objectPropertiesQuery"&gt;SELECT CHILD.ID, CHILD.OBJECT_IDENTITY, CHILD.ACL_CLASS, PARENT.OBJECT_IDENTITY as PARENT_OBJECT_IDENTITY FROM acl_object_identity as CHILD LEFT OUTER JOIN acl_object_identity as PARENT ON CHILD.parent_object=PARENT.id WHERE CHILD.object_identity = ?&lt;/prop&gt; </programlisting></para>
<para>The <literal>JdbcDaoImpl</literal> will only respond to requests <para>The <literal>JdbcDaoImpl</literal> will only respond to requests
for <literal>NamedEntityObjectIdentity</literal>s. It converts such for <literal>NamedEntityObjectIdentity</literal>s. It converts such
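Review bot: The added Oracle DDL will not run as written: both ALTER TABLE statements spell the keyword as CONTRAINT, and the FK_PARENT_OBJECT statement has no terminating semicolon. That foreign key is also declared on (ID), which only makes the primary key reference itself; to constrain the parent link it should be on PARENT_OBJECT, for example `ADD CONSTRAINT FK_PARENT_OBJECT foreign key (PARENT_OBJECT) references ACL_OBJECT_IDENTITY;`. ACL_PERMISSION.ACL_OBJECT_IDENTITY has no foreign key at all, so permission rows can point at object identities that do not exist, which works against the paragraph's own point about constraints protecting the integrity of the ACL information. In the acegi.objectPropertiesQuery value, `acl_object_identity as CHILD` and `acl_object_identity as PARENT` use AS before a table alias, which Oracle does not accept; drop the keyword. Finally, the bean and prop XML sit in the same programlisting as the SQL with nothing explaining why the query is overridden; suggest a separate listing and a sentence of introduction.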