
How can I delete a user's access in Spring Security ACL using mutableAclService? Is this code OK?

/**
 * Tries to remove the ACL entries of the hard-coded "admin" principal from the ACL of the
 * OrganizationStructure with the given id, then saves the ACL through mutableAclService.
 *
 * NOTE(review): entries are removed from the list returned by acl.getEntries() while that
 * same call is being iterated with forEach. Whether getEntries() hands out the live list or
 * a copy is not visible here: with a live list this risks a ConcurrentModificationException,
 * with a copy the removal never reaches the ACL and the access stays granted. Either way the
 * revocation should be verified; MutableAcl.deleteAce(index) is the removal call used by the
 * other snippets on this page.
 *
 * @param id identifier of the OrganizationStructure whose ACL is edited
 */
private  void deleteEntry(Long id){

        ObjectIdentity objectIdentity = new ObjectIdentityImpl(OrganizationStructure.class, id);

        // The principal whose entries are targeted is fixed to "admin" here.
        Sid user = new PrincipalSid("admin");
        // p1 is not used below, so entries are matched on SID only, whatever their permission.
        Permission p1 = BasePermission.READ;

        try {
            MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
            acl.getEntries().forEach(c->{
                // Debug output: prints every access control entry to stdout.
                System.out.println(c.toString());
                if(c.getSid().equals(user))
                    // Removes from the list object returned by a second getEntries() call.
                    acl.getEntries().remove(c);
            });
            mutableAclService.updateAcl(acl);

        } catch (NotFoundException nfe) {
            // NOTE(review): a missing ACL is swallowed silently, so the caller cannot tell
            // whether anything was actually revoked.
        }

    }
ali akbar azizkhani

2 Answers


The above code will fail if there are several access control entries for the same SID in the list. You may also want to delete the ACL completely if there are no entries left in it. Here is a slightly improved version:

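    // Revoke every access control entry that `sid` holds on the object identified by
    // (objectClass, objectId).
    ObjectIdentity oi = new ObjectIdentityImpl(objectClass, objectId);
    try {
        MutableAcl acl = (MutableAcl) aclService.readAclById(oi);
        List<AccessControlEntry> aclEntries = acl.getEntries();
        // Walk backwards so that deleting index i never shifts an index still to be visited.
        for (int i = aclEntries.size() - 1; i >= 0; i--) {
            if (aclEntries.get(i).getSid().equals(sid)) {
                acl.deleteAce(i);
            }
        }
        if (acl.getEntries().isEmpty()) {
            // Nothing is left to grant: drop the ACL itself.
            // NOTE(review): the `true` argument presumably cascades the delete to child ACLs;
            // confirm that removing the children's ACLs is intended.
            aclService.deleteAcl(oi, true);
        } else {
            // Persist only while the ACL still exists; calling updateAcl after deleteAcl
            // would target an ACL that has just been removed.
            aclService.updateAcl(acl);
        }
    } catch (NotFoundException ignore) {
        // No ACL exists for this object, so there is nothing to revoke.
    }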

After some trial and error, I found how to remove the entry:

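/**
 * Revokes every ACL entry that the currently authenticated user holds on the
 * OrganizationStructure with the given id, then saves the ACL through mutableAclService.
 *
 * @param id identifier of the OrganizationStructure whose ACL is edited
 */
private void deleteEntry(Long id) {
    ObjectIdentity objectIdentity = new ObjectIdentityImpl(OrganizationStructure.class, id);
    Sid user = new PrincipalSid(SecurityUtility.getAuthenticatedUser().getUsername());
    try {
        MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);

        // A SID can hold several entries (for example one per permission). Stopping at the
        // first match would leave the remaining grants in place, so remove all of them.
        // Iterating from the end keeps the indices still to be visited stable after deleteAce.
        for (int i = acl.getEntries().size() - 1; i >= 0; i--) {
            // Compare SIDs with equals() rather than through their toString() form.
            if (acl.getEntries().get(i).getSid().equals(user)) {
                acl.deleteAce(i);
            }
        }

        mutableAclService.updateAcl(acl);
    } catch (NotFoundException ignored) {
        // No ACL exists for this object, so there is nothing to revoke.
    }
}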
ali akbar azizkhani