0

How do I remove a user's access permission in Spring Security ACL using mutableAclService? Is this code OK?

    private void deleteEntry(Long id) {

        ObjectIdentity objectIdentity = new ObjectIdentityImpl(OrganizationStructure.class, id);

        Sid user = new PrincipalSid("admin");
        Permission p1 = BasePermission.READ;

        try {
            MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
            acl.getEntries().forEach(c -> {
                System.out.println(c.toString());
                if (c.getSid().equals(user))
                    acl.getEntries().remove(c);
            });
            mutableAclService.updateAcl(acl);

        } catch (NotFoundException nfe) {
        }

    }
4

2 Answers

3

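The above code will fail if there are multiple access control entries for the same SID in the list. Also, you may want to remove the ACL completely if it has no entries left. Here is a slightly improved version: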

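    // objectClass, objectId, sid and aclService (a MutableAclService) come from the caller.
    ObjectIdentity oi = new ObjectIdentityImpl(objectClass, objectId);
    try {
        MutableAcl acl = (MutableAcl) aclService.readAclById(oi);
        List<AccessControlEntry> aclEntries = acl.getEntries();
        // Iterate backwards so that deleting index i does not shift the
        // entries that still have to be checked.
        for (int i = aclEntries.size() - 1; i >= 0; i--) {
            AccessControlEntry ace = aclEntries.get(i);
            if (ace.getSid().equals(sid)) {
                acl.deleteAce(i);
            }
        }
        if (acl.getEntries().isEmpty()) {
            // No entries left: remove the ACL itself (and its child ACLs).
            aclService.deleteAcl(oi, true);
        } else {
            // Only persist the ACL when it still exists; updating an ACL that
            // was just deleted ends in a NotFoundException.
            aclService.updateAcl(acl);
        }
    } catch (NotFoundException ignore) {
        // No ACL exists for this object, so there is nothing to remove.
    }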
Answered 2020-02-25T20:56:47.717
1

After some experimenting, I found out how to delete the entry

    private void deleteEntry(Long id) {
        ObjectIdentity objectIdentity = new ObjectIdentityImpl(OrganizationStructure.class, id);
        Sid user = new PrincipalSid(SecurityUtility.getAuthenticatedUser().getUsername());
        try {
            MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
            // Debug helper: prints the SID of each entry before and after the change.
            Consumer<AccessControlEntry> style = (AccessControlEntry p) -> System.out.println("id:" + p.getSid());
            acl.getEntries().forEach(style);

            // Delete through the ACL by index, then stop at the first match.
            for (int i = 0; i < acl.getEntries().size(); i++) {
                if (acl.getEntries().get(i).getSid().toString().equals(user.toString())) {
                    acl.deleteAce(i);
                    break;
                }
            }

            acl.getEntries().forEach(style);
            mutableAclService.updateAcl(acl);
        } catch (NotFoundException nfe) {
            // No ACL exists for this object, so there is nothing to delete.
        }

    }
Answered 2017-10-19T09:06:06.070
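
The removal discussed in the answers above, written out as a reusable method. This is an added example, not code from either answer or from Spring Security itself: the class `AclRevoker` and its `revoke` method are hypothetical names, and it assumes a `MutableAclService` bean is injected. It goes slightly beyond the answers by accepting an optional permission filter and by leaving deny (non-granting) entries in place, since deleting those would widen access rather than revoke it.

```java
import java.io.Serializable;
import java.util.List;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.model.*;
import org.springframework.transaction.annotation.Transactional;

// Hypothetical helper class (assumption): not part of Spring Security or the posts above.
public class AclRevoker {
    private final MutableAclService aclService;

    public AclRevoker(MutableAclService aclService) {
        this.aclService = aclService;
    }

    // Removes every granting ACE that sid holds on the object; when permission is
    // non-null, only ACEs with the same permission mask. Returns the number removed.
    @Transactional
    public int revoke(Class<?> type, Serializable id, Sid sid, Permission permission) {
        ObjectIdentity oi = new ObjectIdentityImpl(type, id);
        MutableAcl acl;
        try {
            acl = (MutableAcl) aclService.readAclById(oi);
        } catch (NotFoundException e) {
            return 0; // no ACL for this object, so nothing to revoke
        }
        List<AccessControlEntry> entries = acl.getEntries();
        int removed = 0;
        // Walk backwards so deleting index i does not shift entries still to be checked.
        for (int i = entries.size() - 1; i >= 0; i--) {
            AccessControlEntry ace = entries.get(i);
            boolean permissionMatches = permission == null
                    || ace.getPermission().getMask() == permission.getMask();
            if (ace.isGranting() && ace.getSid().equals(sid) && permissionMatches) {
                acl.deleteAce(i);
                removed++;
            }
        }
        if (removed == 0) {
            return 0; // nothing changed, so skip the write
        }
        if (acl.getEntries().isEmpty()) {
            // As in the first answer: 'true' also deletes the ACLs of child objects.
            aclService.deleteAcl(oi, true);
        } else {
            aclService.updateAcl(acl);
        }
        return removed;
    }
}
```

With the default `AclImpl` and `AclAuthorizationStrategyImpl`, `deleteAce` performs a general-change security check, so the calling principal must be the ACL's owner, hold the authority configured for general changes, or have `ADMINISTRATION` permission on the object.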