Sunday, January 30, 2011

Spring Security 3: Full ACL Tutorial (Part 1)

In this tutorial we'll develop a simple Bulletin application where various users can create, add, edit, and delete posts depending on their access levels. Our application is a simple CRUD system that utilizes an Access Control List (ACL) to secure domain objects. The corresponding permissions will be retrieved from an external MySQL database. There's a separate database for the Bulletin posts and the ACL itself.

Here's what we'll be doing:
1. Set up a MySQL database containing ACL data
2. Set up a separate database containing the application's data
3. Secure domain objects using Expression-Based Access Control
4. Secure URLs using the intercept-url and Expression-Based Access Control
5. Tackle unexpected issues

We'll be dividing the tutorial into four parts:
Part 1: Functional Specs and the Application Database
Part 2: Spring Security Configuration
Part 3: Spring MVC Module
Part 4: Running the Application

Our system will be built on Spring MVC 3, with Spring Security 3 for the security layer. The primary goal of this tutorial is to help us set up a quick ACL-based application. To achieve that, we'll be relying on standard implementations.

Part 1: Functional Specs

Let's describe the application's requirements first, so that we know our purpose.

In our system we have three roles:
ROLE_ADMIN - provides administrative access
ROLE_USER - provides regular access
ROLE_VISITOR - provides visitor access

We also have three concrete users along with their roles:
john - ROLE_ADMIN 
jane - ROLE_USER 
mike - ROLE_VISITOR 

When john logs in, he is given the ROLE_ADMIN. When jane logs in, she is given the ROLE_USER. And when mike logs in, he gets the ROLE_VISITOR.

Our Bulletin application has three types of posts:
AdminPost - contains an id, date, and message
PersonalPost - contains an id, date, and message
PublicPost - contains an id, date, and message

Here are the simple rules:
1. Only users with ROLE_ADMIN can create AdminPost
2. Only users with ROLE_USER can create PersonalPost
3. Only users with ROLE_ADMIN or ROLE_USER can create PublicPost
4. Users with ROLE_VISITOR cannot create any post
Note: When we use the word 'create', we mean adding a new post.

Here are the complex rules:
1. A user can edit and delete posts that belong only to them, regardless of the role.
2. A user with ROLE_ADMIN or ROLE_USER can edit and delete PublicPosts.
3. We are required to show all posts in the main Bulletin page
a. ROLE_ADMIN can see all posts
b. ROLE_USER can see Personal and Public posts
c. ROLE_VISITOR can only see Public posts

Let's visualize the rules using tables:

An admin has READ and WRITE access to everything, but only READ access to the Personal Posts.

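Admin

| Post Type | View | Add | Edit | Delete |
|-----------|------|-----|------|--------|
| Admin     | x    | x   | x    | x      |
| Personal  | x    |     |      |        |
| Public    | x    | x   | x    | x      |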

A regular user has READ and WRITE access to Personal Posts and Public Posts but only READ access to Admin Posts.

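User

| Post Type | View | Add | Edit | Delete |
|-----------|------|-----|------|--------|
| Admin     |      |     |      |        |
| Personal  | x    | x   | x    | x      |
| Public    | x    | x   | x    | x      |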

A visitor can only read Admin and Public Posts but has no access whatsoever to the Personal Posts section.

Visitor

| Post Type | View | Add | Edit | Delete |
|-----------|------|-----|------|--------|
| Admin     |      |     |      |        |
| Personal  |      |     |      |        |
| Public    | x    |     |      |        |



The main problem:
If we focus on the simple rules, the solution looks easy. Just configure a simple http tag with a couple of intercept-url declarations. Here's how we may tackle this problem:

Admin Posts
<security:intercept-url pattern="/krams/admin/view" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/krams/admin/add" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/krams/admin/edit" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/krams/admin/delete" access="hasRole('ROLE_ADMIN')"/>

Personal Posts
<security:intercept-url pattern="/krams/personal/view" access="hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/krams/personal/add" access="hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/krams/personal/edit" access="hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/krams/personal/delete" access="hasRole('ROLE_USER')"/>

Public Posts
<security:intercept-url pattern="/krams/public/view" access="hasRole('ROLE_ADMIN') or hasRole('ROLE_USER') or hasRole('ROLE_VISITOR')"/>
<security:intercept-url pattern="/krams/public/add" access="hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/krams/public/edit" access="hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')"/>
<security:intercept-url pattern="/krams/public/delete" access="hasRole('ROLE_ADMIN') or hasRole('ROLE_USER')"/>

However, intercept-url is unable to cope with the complex rules. Why? Because intercept-url is meant to secure at the URL level, while the complex rules operate at the domain level.

The solution is to use ACL at the object level and intercept-url at the URL-level.

The ACL Database

We'll start our multi-part tutorial by creating a new MySQL database named acl. This database will contain our access control list. It's composed of four tables:
acl_class
acl_sid
acl_object_identity
acl_entry


Let's create our database. Here are the steps:

1. Run MySQL.
Note: I'm using phpMyAdmin to manage my MySQL database.

2. Create a new database named acl

3. Import the following SQL script to create the tables:

acl_structure_mysql.sql
-- phpMyAdmin SQL Dump
-- version 3.2.4
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jan 26, 2011 at 04:34 PM
-- Server version: 5.1.41
-- PHP Version: 5.3.1

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `acl`
--

-- --------------------------------------------------------

--
-- Table structure for table `acl_sid`
--

CREATE TABLE IF NOT EXISTS `acl_sid` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `principal` tinyint(1) NOT NULL,
  `sid` varchar(100) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `unique_uk_1` (`sid`,`principal`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

-- --------------------------------------------------------

--
-- Table structure for table `acl_class`
--

CREATE TABLE IF NOT EXISTS `acl_class` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `class` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `unique_uk_2` (`class`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

-- --------------------------------------------------------

--
-- Table structure for table `acl_entry`
--

CREATE TABLE IF NOT EXISTS `acl_entry` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `acl_object_identity` bigint(20) NOT NULL,
  `ace_order` int(11) NOT NULL,
  `sid` bigint(20) NOT NULL,
  `mask` int(11) NOT NULL,
  `granting` tinyint(1) NOT NULL,
  `audit_success` tinyint(1) NOT NULL,
  `audit_failure` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `unique_uk_4` (`acl_object_identity`,`ace_order`),
  KEY `foreign_fk_5` (`sid`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=43 ;

-- --------------------------------------------------------

--
-- Table structure for table `acl_object_identity`
--

CREATE TABLE IF NOT EXISTS `acl_object_identity` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `object_id_class` bigint(20) NOT NULL,
  `object_id_identity` bigint(20) NOT NULL,
  `parent_object` bigint(20) DEFAULT NULL,
  `owner_sid` bigint(20) DEFAULT NULL,
  `entries_inheriting` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `unique_uk_3` (`object_id_class`,`object_id_identity`),
  KEY `foreign_fk_1` (`parent_object`),
  KEY `foreign_fk_3` (`owner_sid`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=10 ;

-- --------------------------------------------------------

--
-- Constraints for dumped tables
--

--
-- Constraints for table `acl_entry`
--
ALTER TABLE `acl_entry`
  ADD CONSTRAINT `foreign_fk_4` FOREIGN KEY (`acl_object_identity`) REFERENCES `acl_object_identity` (`id`),
  ADD CONSTRAINT `foreign_fk_5` FOREIGN KEY (`sid`) REFERENCES `acl_sid` (`id`);

--
-- Constraints for table `acl_object_identity`
--
ALTER TABLE `acl_object_identity`
  ADD CONSTRAINT `foreign_fk_1` FOREIGN KEY (`parent_object`) REFERENCES `acl_object_identity` (`id`),
  ADD CONSTRAINT `foreign_fk_2` FOREIGN KEY (`object_id_class`) REFERENCES `acl_class` (`id`),
  ADD CONSTRAINT `foreign_fk_3` FOREIGN KEY (`owner_sid`) REFERENCES `acl_sid` (`id`);

After importing the SQL script, you should have the following tables:

4. Import the following SQL script to populate the tables with data:

acl_data_mysql.sql
-- phpMyAdmin SQL Dump
-- version 3.2.4
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jan 24, 2011 at 01:28 AM
-- Server version: 5.1.41
-- PHP Version: 5.3.1

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `acl`
--

--
-- Dumping data for table `acl_sid`
--

INSERT INTO `acl_sid` (`id`, `principal`, `sid`) VALUES
(1, 1, 'john'),
(2, 1, 'jane'),
(3, 1, 'mike');

--
-- Dumping data for table `acl_class`
--

INSERT INTO `acl_class` (`id`, `class`) VALUES
(1, 'org.krams.tutorial.domain.AdminPost'),
(2, 'org.krams.tutorial.domain.PersonalPost'),
(3, 'org.krams.tutorial.domain.PublicPost');

--
-- Dumping data for table `acl_object_identity`
--

INSERT INTO `acl_object_identity` (`id`, `object_id_class`, `object_id_identity`, `parent_object`, `owner_sid`, `entries_inheriting`) VALUES
(1, 1, 1, NULL, 1, 0),
(2, 1, 2, NULL, 1, 0),
(3, 1, 3, NULL, 1, 0),
(4, 2, 1, NULL, 1, 0),
(5, 2, 2, NULL, 1, 0),
(6, 2, 3, NULL, 1, 0),
(7, 3, 1, NULL, 1, 0),
(8, 3, 2, NULL, 1, 0),
(9, 3, 3, NULL, 1, 0);

--
-- Dumping data for table `acl_entry`
--

INSERT INTO `acl_entry` (`id`, `acl_object_identity`, `ace_order`, `sid`, `mask`, `granting`, `audit_success`, `audit_failure`) VALUES
(1, 1, 1, 1, 1, 1, 1, 1),
(2, 2, 1, 1, 1, 1, 1, 1),
(3, 3, 1, 1, 1, 1, 1, 1),
(4, 1, 2, 1, 2, 1, 1, 1),
(5, 2, 2, 1, 2, 1, 1, 1),
(6, 3, 2, 1, 2, 1, 1, 1),
(7, 4, 1, 1, 1, 1, 1, 1),
(8, 5, 1, 1, 1, 1, 1, 1),
(9, 6, 1, 1, 1, 1, 1, 1),
(10, 7, 1, 1, 1, 1, 1, 1),
(11, 8, 1, 1, 1, 1, 1, 1),
(12, 9, 1, 1, 1, 1, 1, 1),
(13, 7, 2, 1, 2, 1, 1, 1),
(14, 8, 2, 1, 2, 1, 1, 1),
(15, 9, 2, 1, 2, 1, 1, 1),
(28, 4, 3, 2, 1, 1, 1, 1),
(29, 5, 3, 2, 1, 1, 1, 1),
(30, 6, 3, 2, 1, 1, 1, 1),
(31, 4, 4, 2, 2, 1, 1, 1),
(32, 5, 4, 2, 2, 1, 1, 1),
(33, 6, 4, 2, 2, 1, 1, 1),
(34, 7, 3, 2, 1, 1, 1, 1),
(35, 8, 3, 2, 1, 1, 1, 1),
(36, 9, 3, 2, 1, 1, 1, 1),
(37, 7, 4, 2, 2, 1, 1, 1),
(38, 8, 4, 2, 2, 1, 1, 1),
(39, 9, 4, 2, 2, 1, 1, 1),
(40, 7, 5, 3, 1, 1, 1, 1),
(41, 8, 5, 3, 1, 1, 1, 1),
(42, 9, 5, 3, 1, 1, 1, 1);

Verify that the tables have been populated with data:
- acl_class should contain 3 records.
- acl_sid should contain 3 records.
- acl_object_identity should contain 9 records.
- acl_entry should contain 30 records.

Table Definitions

So far what we've done is create a new database named acl and add four tables:
acl_class
acl_sid
acl_object_identity
acl_entry
But what are these tables exactly?

acl_class
The table acl_class stores the fully qualified name of domain objects. It is made up of the package name and class name of the object.

In the table below we have declared three fully qualified names that pertain to our three domain objects:

| Field | Description |
|-------|-------------|
| id | The primary key |
| class | The fully qualified name of the domain object |

acl_sid
The table acl_sid stores the names of the users, each of which can be a principal (like usernames john, james, mark) or an authority (like roles ROLE_ADMIN, ROLE_USER, ROLE_ANYONE).

In the table below we have declared three sid objects:

| Field | Description |
|-------|-------------|
| id | The primary key |
| principal | A flag to indicate if the sid field is a username or a role |
| sid | The actual username (i.e. john) or role (i.e. ROLE_ADMIN) |

acl_object_identity
The table acl_object_identity stores the actual identities of the domain objects. The identities are referenced via a unique id which is retrieved from another database: the Bulletin database.


| Field | Description |
|-------|-------------|
| id | The primary key |
| object_id_class | Refers to the id field in the acl_class. This is a reference to the fully qualified name of the class |
| object_id_identity | Refers to the primary id of the domain object. The id is assigned from another database: the Bulletin database (See the Bulletin Database below). Every domain object in the application needs to have a unique id. |
| parent_object | Refers to the id of the parent object if existing |
| owner_sid | Refers to the id field in the acl_sid. This is a reference to the username or role |
| entries_inheriting | A flag to indicate whether the object has inherited entries |

acl_entry
The table acl_entry stores the actual permissions assigned for each user and domain object.


| Field | Description |
|-------|-------------|
| id | The primary key |
| acl_object_identity | Refers to the id field in the acl_object_identity table |
| ace_order | Refers to the ordering of the access control entries |
| sid | Refers to the id field in the acl_sid table |
| mask | A bitwise mask to indicate the permissions. A value of 1 is equivalent to READ permission, 2 for WRITE, and so forth. |
| granting | A flag to indicate whether the mask should be interpreted as granting or denying access |
| audit_success | A flag to indicate whether to audit a successful permission |
| audit_failure | A flag to indicate whether to audit a failed permission |
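
To check the seed data against the rule tables from the functional specs, the following query (an added example, not part of the original tutorial's scripts) joins the four ACL tables and summarises what each sid is granted per post type. It decodes each mask by exact value because the seed data stores READ and WRITE as separate entries; the names for 4, 8 and 16 are taken from Spring Security's BasePermission and do not occur in this data set.

```sql
-- Added example: summarise the ACL seed data per sid and post type.
-- Run against the acl database created above.
USE acl;

SELECT per_object.who,
       per_object.post_type,
       per_object.permissions,
       COUNT(*) AS posts
FROM (
    -- One row per (sid, domain object) with its entries in ace_order.
    SELECT s.id  AS sid_id,
           s.sid AS who,
           -- Strip the package: org.krams.tutorial.domain.AdminPost -> AdminPost
           SUBSTRING_INDEX(c.class, '.', -1) AS post_type,
           oi.object_id_identity AS post_id,
           GROUP_CONCAT(
               CONCAT(
                   IF(e.granting = 1, '', 'DENY '),
                   CASE e.mask
                       WHEN 1  THEN 'READ'
                       WHEN 2  THEN 'WRITE'
                       WHEN 4  THEN 'CREATE'          -- BasePermission values,
                       WHEN 8  THEN 'DELETE'          -- not present in the
                       WHEN 16 THEN 'ADMINISTRATION'  -- seed data
                       ELSE CONCAT('mask=', e.mask)   -- surface anything unexpected
                   END)
               ORDER BY e.ace_order SEPARATOR ', ') AS permissions
    FROM acl_entry e
    JOIN acl_object_identity oi ON oi.id = e.acl_object_identity
    JOIN acl_class c            ON c.id  = oi.object_id_class
    JOIN acl_sid s              ON s.id  = e.sid
    GROUP BY s.id, s.sid, c.class, oi.object_id_identity
) AS per_object
-- Collapse objects that carry the same permission set for the same sid.
GROUP BY per_object.sid_id, per_object.who,
         per_object.post_type, per_object.permissions
ORDER BY per_object.sid_id, per_object.post_type;
```

Spring Security's default ACL implementation matches a requested permission against an entry's mask by equality, which is why the seed data carries one row per permission rather than a single row with mask 3.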

The Bulletin Database

We've finished setting up the ACL database. Now it's time to set up the application's database: the bulletin database.

The bulletin database contains the actual posts from various users. It contains three tables:

Let's create this database. Here are the steps:

1. Run MySQL
Note: I'm using phpMyAdmin to manage my MySQL database

2. Create a new database named bulletin

3. Import the following SQL script to create the tables and populate them with data automatically:

bulletin_mysql.sql
-- phpMyAdmin SQL Dump
-- version 3.2.4
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jan 23, 2011 at 02:41 PM
-- Server version: 5.1.41
-- PHP Version: 5.3.1

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `bulletin`
--

-- --------------------------------------------------------

--
-- Table structure for table `admin_post`
--

CREATE TABLE IF NOT EXISTS `admin_post` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `date` datetime NOT NULL,
  `message` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `admin_post`
--

INSERT INTO `admin_post` (`id`, `date`, `message`) VALUES
(1, '2011-01-03 21:37:58', 'Custom post #1 from admin'),
(2, '2011-01-04 21:38:39', 'Custom post #2 from admin'),
(3, '2011-01-05 21:39:37', 'Custom post #3 from admin');

-- --------------------------------------------------------

--
-- Table structure for table `personal_post`
--

CREATE TABLE IF NOT EXISTS `personal_post` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `date` datetime NOT NULL,
  `message` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `personal_post`
--

INSERT INTO `personal_post` (`id`, `date`, `message`) VALUES
(1, '2011-01-06 21:40:02', 'Custom post #1 from user'),
(2, '2011-01-07 21:40:13', 'Custom post #2 from user'),
(3, '2011-01-08 21:40:34', 'Custom post #3 from user');

-- --------------------------------------------------------

--
-- Table structure for table `public_post`
--

CREATE TABLE IF NOT EXISTS `public_post` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `date` datetime NOT NULL,
  `message` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `public_post`
--

INSERT INTO `public_post` (`id`, `date`, `message`) VALUES
(1, '2011-01-10 21:40:44', 'Custom post #1 from public'),
(2, '2011-01-11 21:40:48', 'Custom post #2 from public'),
(3, '2011-01-12 21:41:08', 'Custom post #3 from public');

4. After importing the SQL script, verify that you have the following tables and data:

AdminPost

PersonalPost

PublicPost

Reminder

Remember the object_id_identity field from the acl_object_identity table? The value of object_id_identity field is derived from the actual value of the id field in the bulletin database.

Conclusion

We have completed the database setup for both the ACL and the Bulletin databases. We've also explained the meaning behind the tables and the corresponding fields. Note that we haven't touched anything specific to Spring Security, Spring MVC, or even Java yet. Our next task is to set up the Spring Security configuration.

Proceed to Part 2: Spring Security Configuration

163 comments:

  1. But when you try to add a message it doesn't show up on the view page, and I can see the message has been added to the respective table

    Replies
    1. Use a sample class for post method and, use predefined existing object

    2. Can you please explain further?

  2. @Anonymous, if you check part 4 of the tutorial under the Unexpected Problems section, you'll see that issue has been discussed.

  3. Dear
    Do all Java classes and domain object tables need to have an id field so as to implement ACL using the above method? Can't we have our own primary key?

  4. CREATE TABLE acl.public.acl_class (
    id BIGINT NOT NULL,
    class VARCHAR(255) NOT NULL,
    CONSTRAINT acl_class_pk PRIMARY KEY (id)
    );


    CREATE TABLE acl.public.acl_entry (
    id BIGINT NOT NULL,
    acl_object_identity BIGINT NOT NULL,
    ace_order INTEGER NOT NULL,
    sid BIGINT NOT NULL,
    mask INTEGER NOT NULL,
    granting BIT NOT NULL,
    audit_success BIT NOT NULL,
    audit_failure BIT NOT NULL,
    CONSTRAINT acl_entry_pk PRIMARY KEY (id)
    );


    CREATE TABLE acl.public.acl_object_identity (
    id BIGINT NOT NULL,
    object_id_class BIGINT NOT NULL,
    object_id_identity BIGINT NOT NULL,
    parent_object BIGINT,
    owner_sid BIGINT NOT NULL,
    entries_inheriting BIT NOT NULL,
    CONSTRAINT acl_object_identity_pk PRIMARY KEY (id)
    );


    CREATE TABLE acl.public.acl_sid (
    id BIGINT NOT NULL,
    principal BIT NOT NULL,
    sid VARCHAR(100) NOT NULL,
    CONSTRAINT acl_sid_pk PRIMARY KEY (id)
    );


    ALTER TABLE acl.public.acl_object_identity ADD CONSTRAINT foreign_fk_2
    FOREIGN KEY (object_id_class)
    REFERENCES acl.public.acl_class (id)
    ON DELETE NO ACTION
    ON UPDATE NO ACTION
    NOT DEFERRABLE;

    ALTER TABLE acl.public.acl_entry ADD CONSTRAINT foreign_fk_4
    FOREIGN KEY (acl_object_identity)
    REFERENCES acl.public.acl_object_identity (id)
    ON DELETE NO ACTION
    ON UPDATE NO ACTION
    NOT DEFERRABLE;

    ALTER TABLE acl.public.acl_entry ADD CONSTRAINT foreign_fk_5
    FOREIGN KEY (sid)
    REFERENCES acl.public.acl_sid (id)
    ON DELETE NO ACTION
    ON UPDATE NO ACTION
    NOT DEFERRABLE;

    ALTER TABLE acl.public.acl_object_identity ADD CONSTRAINT foreign_fk_3
    FOREIGN KEY (owner_sid)
    REFERENCES acl.public.acl_sid (id)
    ON DELETE NO ACTION
    ON UPDATE NO ACTION
    NOT DEFERRABLE;


    for postgres

    Replies
    1. INSERT INTO acl_sid (id, principal, sid) VALUES
      (1, '1', 'john'),
      (2, '1', 'jane'),
      (3, '1', 'mike');

      --
      -- Dumping data for table acl_class
      --

      INSERT INTO acl_class (id, class) VALUES
      (1, 'org.krams.tutorial.domain.AdminPost'),
      (2, 'org.krams.tutorial.domain.PersonalPost'),
      (3, 'org.krams.tutorial.domain.PublicPost');

      --
      -- Dumping data for table acl_object_identity
      --

      INSERT INTO acl_object_identity (id, object_id_class, object_id_identity, parent_object, owner_sid, entries_inheriting) VALUES
      (1, 1, 1, NULL, 1, '0'),
      (2, 1, 2, NULL, 1, '0'),
      (3, 1, 3, NULL, 1, '0'),
      (4, 2, 1, NULL, 1, '0'),
      (5, 2, 2, NULL, 1, '0'),
      (6, 2, 3, NULL, 1, '0'),
      (7, 3, 1, NULL, 1, '0'),
      (8, 3, 2, NULL, 1, '0'),
      (9, 3, 3, NULL, 1, '0');

      --
      -- Dumping data for table acl_entry
      --

      INSERT INTO acl_entry (id, acl_object_identity, ace_order, sid, mask, granting, audit_success, audit_failure) VALUES
      (1, 1, 1, 1, 1, '1', '1', '1'),
      (2, 2, 1, 1, 1, '1', '1', '1'),
      (3, 3, 1, 1, 1, '1', '1', '1'),
      (4, 1, 2, 1, 2, '1', '1', '1'),
      (5, 2, 2, 1, 2, '1', '1', '1'),
      (6, 3, 2, 1, 2, '1', '1', '1'),
      (7, 4, 1, 1, 1, '1', '1', '1'),
      (8, 5, 1, 1, 1, '1', '1', '1'),
      (9, 6, 1, 1, 1, '1', '1', '1'),
      (10, 7, 1, 1, 1, '1', '1', '1'),
      (11, 8, 1, 1, 1, '1', '1', '1'),
      (12, 9, 1, 1, 1, '1', '1', '1'),
      (13, 7, 2, 1, 2, '1', '1', '1'),
      (14, 8, 2, 1, 2, '1', '1', '1'),
      (15, 9, 2, 1, 2, '1', '1', '1'),
      (28, 4, 3, 2, 1, '1', '1', '1'),
      (29, 5, 3, 2, 1, '1', '1', '1'),
      (30, 6, 3, 2, 1, '1', '1', '1'),
      (31, 4, 4, 2, 2, '1', '1', '1'),
      (32, 5, 4, 2, 2, '1', '1', '1'),
      (33, 6, 4, 2, 2, '1', '1', '1'),
      (34, 7, 3, 2, 1, '1', '1', '1'),
      (35, 8, 3, 2, 1, '1', '1', '1'),
      (36, 9, 3, 2, 1, '1', '1', '1'),
      (37, 7, 4, 2, 2, '1', '1', '1'),
      (38, 8, 4, 2, 2, '1', '1', '1'),
      (39, 9, 4, 2, 2, '1', '1', '1'),
      (40, 7, 5, 3, 1, '1', '1', '1'),
      (41, 8, 5, 3, 1, '1', '1', '1'),
      (42, 9, 5, 3, 1, '1', '1', '1');

    2. I think if you look at the Spring Security jars, you will find the schema for Postgres as well (including schemas for other databases). Anyway, thank you for sharing this one. I'm sure it will help others reading this guide.

  6. I would wish to associate a number of users to a role/authority and then assign the permissions to him. How do you relate a user in the sid table with an authority in the same table?
    Or can we combine RBAC and ACL? If so, is there any tutorial that uses ACL complementing RBAC? Please correct me if my understanding is false...

  7. Can you explain about 'acl_class'? What's the actual requirement for that? If I have 200 Controllers then I have to create 200 entries? Make me more understandable.

  9. For anyone that finds this, Spring Security now has the create schema SQL for more DBs including: HSQLDB, MySQL, Oracle, PostgreSQL and SQL Server. To find the files, see below:

    https://github.com/spring-projects/spring-security/tree/master/acl/src/main/resources

  10. Hi

    Nice article, how to use spring security acl in spring boot ?

  14. @krams can you be more specific about ACE order

  15. This tutorial is very good, but how can we add data in the ACL table without a dbscript?

    ReplyDelete
  16. file access control

    Add file access control and file IOs monitor to your windows application with Windows file system mini filter driver component in C#, C++ demo source code to implement your file security solution

    http://easefilter.com/

    ReplyDelete
  17. Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging.

    core java training in Electronic City

    Hibernate Training in electronic city

    spring training in electronic city

    java j2ee training in electronic city

    ReplyDelete
  18. This is most informative and also this post most user friendly and super navigation to all posts... Thank you so much for giving this information to me.. 
    Best Devops training in sholinganallur
    Devops training in velachery
    Devops training in annanagar
    Devops training in tambaram

    ReplyDelete
  19. The site was so nice, I found out about a lot of great things. I like the way you make your blog posts. Keep up the good work and may you gain success in the long run.
    python course in pune
    python course in chennai
    python course in Bangalore

    ReplyDelete
  20. Great Article… I love to read your articles because your writing style is too good, its is very very helpful for all of us and I never get bored while reading your article because, they are becomes a more and more interesting from the starting lines until the end.

    rpa training in chennai
    Best rpa training in bangalore
    rpa course in bangalore
    rpa training in marathahalli
    rpa training in btm
    best rpa training in chennai

    ReplyDelete
  21. Hello! This is my first visit to your blog! We are a team of volunteers and starting a new initiative in a community in the same niche. Your blog provided us useful information to work on. You have done an outstanding job.
    Advanced AWS Training in Chennai | Best Amazon Web Services Training in Chennai
    Best Amazon Web Services Training Course in Bangalore | AWS Training in Bangalore
    AWS Online Training and Certification | AWS Certification Course

    ReplyDelete
  22. Great Article… I love to read your articles because your writing style is too good,
    its is very very helpful for all of us and I never get bored while reading your article because,
    they are becomes a more and more interesting from the starting lines until the end.


    Java training in Chennai

    Java training in Bangalore

    Java online training

    Java training in Pune

    ReplyDelete
  23. Attend The Python training in bangalore From ExcelR. Practical Python training in bangalore Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The Python training in bangalore.
    python training in bangalore

    ReplyDelete
  24. cool stuff you have and you keep Python training in pune overhaul every one of us

    ReplyDelete
  25. Thankyou so much for the precious information you have given to us
    <a href="httsp=www.1marshal.com>Key management system in india</a>

    ReplyDelete
  26. thanks for ur valuable information,keep going touch with us

    Scaffolding dealers in chennai

    ReplyDelete
  27. Appreciating the persistence you put into your blog and detailed information you provide.

    Oracle dba training chennai | oracle dba training course chennai

    ReplyDelete
  28. Attend The Data Analytics Course in Bangalore From ExcelR. Practical Data Analytics Course in Bangalore Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The Data Analytics Course in Bangalore.
    ExcelR Data Analytics Course in Bangalore

    ReplyDelete
  29. For AWS training in Bangalore, Visit:
    AWS training in Bangalore

    ReplyDelete
  30. Visit for Python training in Bangalore :- Python training in Bangalore

    ReplyDelete
  31. The effectiveness of IEEE Project Domains depends very much on the situation in which they are applied. In order to further improve IEEE Final Year Project Domains practices we need to explicitly describe and utilise our knowledge about software domains of software engineering Final Year Project Domains for CSE technologies. This paper suggests a modelling formalism for supporting systematic reuse of software engineering technologies during planning of software projects and improvement programmes in Project Centers in Chennai for CSE.

    Spring Framework has already made serious inroads as an integrated technology stack for building user-facing applications. Spring Framework Corporate TRaining the authors explore the idea of using Java in Big Data platforms.
    Specifically, Spring Framework provides various tasks are geared around preparing data for further analysis and visualization. Spring Training in Chennai

    ReplyDelete
  32. This is the exact information I am been searching for, Thanks for sharing the required infos with the clear update and required points. To appreciate this I like to share some useful information.python training in bangalore

    ReplyDelete
  33. Thank you for valuable information.I am privilaged to read this post.aws training in bangalore

    ReplyDelete
  34. It is really explainable very well and i got more information from your site.Very much useful for me to understand many concepts and helped me a lot.ServiceNow training in bangalore

    ReplyDelete
  35. Congratulations This is the great things. Thanks to giving the time to share such a nice information.best Mulesoft training in bangalore

    ReplyDelete
  36. The Information which you provided is very much useful for Agile Training Learners. Thank You for Sharing Valuable Information.Salesforce CRM Training in Bangalore

    ReplyDelete
  37. Excellent post for the people who really need information for this technology.ServiceNow training in bangalore

    ReplyDelete
  38. Very useful and information content has been shared out here, Thanks for sharing it.Mulesoft training in bangalore

    ReplyDelete