I'm reading about Spring Security ACL lib and I am a bit confused about some concepts. Regarding SIDs, it states to my confusion:
ACL_SID allows us to uniquely identify any principal or authority in the system ("SID" stands for "security identity"). The only columns are the ID, a textual representation of the SID, and a flag to indicate whether the textual representation refers to a principal name or a GrantedAuthority.
So is principal the same as role? Is GrantedAuthority an equal concept or a particular role? Does a boolean field principal = true mean that the identifier has semantical value or simply that it is a role within the system? If so, why do you want to store SIDs that are not accounted for in the system?
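
The three columns described in the quoted passage can be modelled as follows. This is an added example, not part of the question and not Spring Security's own code: it uses SQLite in place of the real schema, and the user names, role name and helper functions are constructed for illustration.

```python
import sqlite3

def build_db():
    """Simplified model of ACL_SID: id, textual SID, principal/authority flag."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE acl_sid (
        id        INTEGER PRIMARY KEY,
        principal INTEGER NOT NULL,  -- 1 = principal name, 0 = GrantedAuthority
        sid       TEXT    NOT NULL,
        UNIQUE (sid, principal))""")
    # Constructed sample rows. The last row is a *user* whose login name
    # happens to be the same text as an authority.
    rows = [(1, "alice"), (1, "bob"), (0, "ROLE_ADMIN"), (1, "ROLE_ADMIN")]
    db.executemany("INSERT INTO acl_sid (principal, sid) VALUES (?, ?)", rows)
    return db

def sid_ids_for(db, username, authorities):
    """Ids of every SID row that applies to one authenticated user:
    the row for the user name itself plus one row per granted authority."""
    ids = [r[0] for r in db.execute(
        "SELECT id FROM acl_sid WHERE principal = 1 AND sid = ?", (username,))]
    for authority in authorities:
        ids += [r[0] for r in db.execute(
            "SELECT id FROM acl_sid WHERE principal = 0 AND sid = ?",
            (authority,))]
    return sorted(ids)

def duplicate_rejected(db):
    """The same (text, flag) pair cannot be stored twice."""
    try:
        db.execute("INSERT INTO acl_sid (principal, sid) VALUES (0, 'ROLE_ADMIN')")
    except sqlite3.IntegrityError:
        return True
    return False

if __name__ == "__main__":
    db = build_db()
    print(sid_ids_for(db, "alice", ["ROLE_ADMIN"]))  # user row + authority row
    print(sid_ids_for(db, "ROLE_ADMIN", []))         # user row only
    print(duplicate_rejected(db))
```

The flag keeps a login name and an authority with the same text as two distinct identities, so a user named `ROLE_ADMIN` does not pick up permissions granted to the authority `ROLE_ADMIN`.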