如何使用 mutableAclService 删除 Spring 安全 ACL 中的用户访问权限。这段代码可以吗
private void deleteEntry(Long id){
ObjectIdentity objectIdentity = new ObjectIdentityImpl(OrganizationStructure.class, id);
Sid user = new PrincipalSid("admin");
Permission p1 = BasePermission.READ;
try {
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
acl.getEntries().forEach(c->{
System.out.println(c.toString());
if(c.getSid().equals(user))
acl.getEntries().remove(c);
});
mutableAclService.updateAcl(acl);
} catch (NotFoundException nfe) {
}
}
如果列表中有多个针对同一 SID 的访问控制条目,则上述代码将失败。此外,如果 ACL 中没有剩余条目,您可能希望完全删除它。这是一个改进的版本:
ObjectIdentity oi = new ObjectIdentityImpl(objectClass, objectId);
try {
MutableAcl acl = (MutableAcl) aclService.readAclById(oi);
List<AccessControlEntry> aclEntries = acl.getEntries();
for (int i = aclEntries.size() - 1; i >= 0; i--) {
AccessControlEntry ace = aclEntries.get(i);
if (ace.getSid().equals(sid)) {
acl.deleteAce(i);
}
}
if (acl.getEntries().isEmpty()) {
aclService.deleteAcl(oi, true);
}
aclService.updateAcl(acl);
} catch (NotFoundException ignore) {
}
尝试后,我发现如何删除条目
private void deleteEntry(Long id) {
ObjectIdentity objectIdentity = new ObjectIdentityImpl(OrganizationStructure.class, id);
Sid user = new PrincipalSid(SecurityUtility.getAuthenticatedUser().getUsername());
try {
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
Consumer<AccessControlEntry> style = (AccessControlEntry p) -> System.out.println("id:"+p.getSid());
acl.getEntries().forEach(style);
for (int i = 0; i < acl.getEntries().size(); i++) {
if (acl.getEntries().get(i).getSid().toString().equals(user.toString())) {
acl.deleteAce(i);
break;
}
}
acl.getEntries().forEach(style);
mutableAclService.updateAcl(acl);
} catch (NotFoundException nfe) {
}
}