2

We are using the Spring Security ACL infrastructure in conjunction with App Engine Datastore. We do not use the low-level Datastore API; rather, we use the Objectify framework to access Datastore. We need to transform the Spring Security ACL model (suitable for an RDBMS) into a model more suitable for a schema-less, object-oriented Datastore. So far we have ended up with the two entities described below.

Acl

  • id: Long
  • domainObject: Key (ancestor/parent)
  • entries: List<AclEntry> (embedded)
  • owner: String

AclEntry

  • sid: String
  • principal: boolean
  • mask: int
  • granting: boolean

Almost every time, the ACL is retrieved by the known domainObject (not by ACL id), and hence we decided to use the domain object as an ancestor for the given ACL so that we can use an ancestor query (strongly consistent) and get the most up-to-date data, which is crucial in the case of ACLs.

The thing is that such a model is not sufficient for queries like "What [entities] has the given user (sid) access to?" where [entities] can be any available entity like a project, group, ...

Does anyone have some experience with running Spring Security ACL on NoSQL database especially on App Engine Datastore? Any hint would be appreciated.

4
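The two entities from the question, modeled in memory as an added example (not code from the asker or from Spring Security): the lookup by domain object is a single read, while the "what can this sid access?" question has to walk every ACL because the entries are embedded. The map standing in for the Datastore, the sample keys and sids, and the simplified "first matching entry decides" rule are assumptions.

```java
import java.util.*;

public class AclModelDemo {
    // Field names follow the question's two entities; everything else is assumed.
    record AclEntry(String sid, boolean principal, int mask, boolean granting) {}
    record Acl(long id, String domainObject, List<AclEntry> entries, String owner) {}

    // Stand-in for the Datastore: each Acl is stored under its parent domain object key.
    static final Map<String, Acl> BY_DOMAIN_OBJECT = new HashMap<>();

    // The common path: one lookup by the known domain object (the ancestor query).
    // Simplified decision rule (assumption): the first entry matching sid and mask decides.
    static boolean isGranted(String domainObject, String sid, int mask) {
        Acl acl = BY_DOMAIN_OBJECT.get(domainObject);
        if (acl == null) return false;               // no ACL: deny by default
        for (AclEntry e : acl.entries())
            if (e.sid().equals(sid) && e.mask() == mask) return e.granting();
        return false;                                // no matching entry: deny
    }

    // The reverse question: entries are embedded, so every Acl has to be read.
    static List<String> accessibleTo(String sid, int mask) {
        List<String> result = new ArrayList<>();
        for (String key : BY_DOMAIN_OBJECT.keySet())
            if (isGranted(key, sid, mask)) result.add(key);
        Collections.sort(result);
        return result;
    }

    public static void main(String[] args) {
        final int READ = 1, WRITE = 2;               // constructed sample data
        BY_DOMAIN_OBJECT.put("Project:1", new Acl(10L, "Project:1", List.of(
                new AclEntry("alice", true, READ, true),
                new AclEntry("alice", true, WRITE, true)), "alice"));
        BY_DOMAIN_OBJECT.put("Project:2", new Acl(11L, "Project:2", List.of(
                new AclEntry("alice", true, READ, false),   // explicit deny entry
                new AclEntry("ROLE_USER", false, READ, true)), "bob"));
        BY_DOMAIN_OBJECT.put("Group:7", new Acl(12L, "Group:7", List.of(
                new AclEntry("alice", true, READ, true)), "bob"));

        System.out.println(isGranted("Project:1", "alice", WRITE)); // single lookup
        System.out.println(accessibleTo("alice", READ));            // scans all ACLs
    }
}
```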

1 Answer

0

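At first you might think my answer is wrong, but your question goes beyond the scope of Spring Security: you need to change your approach to data.

If you are using a "NO SQL" datastore, it is so that your application can scale, not so that you build your application around your data.

You need to model your entities according to your use cases, instead of fitting them tightly into a framework built for an RDBMS. It's a performance trade-off, IMHO.

If you are not willing to trade structure for performance, that may mean your application is better suited to Google Cloud SQL :)

I could be wrong, though: tell us more about your use case? That is how you will get useful advice with a "NoSQL" database.

Answered 2014-03-18T10:29:30.213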