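I am using spring-security-acl for authorization.
I want to register a new user and grant that user permission to modify only itself. I am performing the following steps:
- Add the user to the users table in the MySQL database.
- Set this user's permissions (permission to modify itself, in the ACL_* tables)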
    public void permission(User user) {
        ObjectIdentity oi = new ObjectIdentityImpl(User.class, user.getId());
        Sid sid = new PrincipalSid(user.getUserName());
        Permission p = BasePermission.ADMINISTRATION;
        // Create or update the relevant ACL
        MutableAcl acl = null;
        try {
            acl = (MutableAcl) mutableAclService.readAclById(oi);
        } catch (NotFoundException nfe) {
            // The problem is on this line: when it calls createAcl,
            // SecurityContextHolder.getContext().getAuthentication() gets the anonymousUser as a principal
            acl = mutableAclService.createAcl(oi);
        }
        // Now grant some permissions via an access control entry (ACE)
        acl.insertAce(acl.getEntries().size(), p, sid, true);
        mutableAclService.updateAcl(acl);
    }
But when I check the acl_object_identity table, the object's owner_sid is always anonymousUser.
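Added example, not part of the original post: createAcl takes the owner from the Authentication in the current SecurityContext, so one way to get the new user recorded as owner_sid is to run the ACL setup under a temporary Authentication for that user and restore the previous context afterwards. The class name SelfAclRegistrar, the method grantSelf and the ROLE_USER authority are assumptions made for illustration.

```java
import java.io.Serializable;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical helper (not from the post): creates the ACL while the new
// user, not anonymousUser, is the principal in the security context.
public class SelfAclRegistrar {
    private final MutableAclService mutableAclService;

    public SelfAclRegistrar(MutableAclService mutableAclService) {
        this.mutableAclService = mutableAclService;
    }

    public void grantSelf(Class<?> type, Serializable id, String userName, Permission permission) {
        SecurityContext previous = SecurityContextHolder.getContext();
        // Authenticated token for the freshly registered user; "ROLE_USER" is an assumed authority.
        Authentication asNewUser = new UsernamePasswordAuthenticationToken(
                userName, null, AuthorityUtils.createAuthorityList("ROLE_USER"));
        SecurityContext temporary = SecurityContextHolder.createEmptyContext();
        temporary.setAuthentication(asNewUser);
        SecurityContextHolder.setContext(temporary);
        try {
            ObjectIdentity oi = new ObjectIdentityImpl(type, id);
            MutableAcl acl;
            try {
                acl = (MutableAcl) mutableAclService.readAclById(oi);
            } catch (NotFoundException nfe) {
                // The owner is read from the current Authentication, which is now userName.
                acl = mutableAclService.createAcl(oi);
            }
            acl.insertAce(acl.getEntries().size(), permission, new PrincipalSid(userName), true);
            mutableAclService.updateAcl(acl);
        } finally {
            // Always restore the caller's context so the elevated identity does not leak into the rest of the request.
            SecurityContextHolder.setContext(previous);
        }
    }
}
```

If an ACL row for the object already exists with anonymousUser as owner, readAclById succeeds and the owner is left unchanged, so stale rows need to be corrected separately.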