File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Spring and the fly likes Extension to ACL in Spring Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Extension to ACL in Spring Security" Watch "Extension to ACL in Spring Security" New topic

Extension to ACL in Spring Security

sourabh girdhar
Ranch Hand

Joined: Feb 10, 2010
Posts: 71


First of all thanks for coming with a very nice book.

I have one question that just like in Spring security we have ACLs in our firm we have our own group management that is enterprise user control list. Our system exposes some API to applications useing it and also connects to LDAP for lot of info.

Is there any provision to extend the concept of ACL, so that if in future if we plan to implement spring security at enterprise level it could be easier for us.

As we discovered that spring security provides a lot of features around ACL and LDAP. We already use Spring in most of our applications so it could be a new milestone in our security system.

Sourabh Girdhar

The significant problems we face cannot be solved by the same level of thinking that created them -- Albert Einstein

Peter Mularien
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Hi Sourabh,

Thanks for the compliments!

The Spring Security ACL subsystem is certainly intended to be extended (in the truest OO sense) to develop whatever functionality your business unit might need. It comes out of the box with a very flexible system of inheritance and user/group/data relationship modeling that is likely to satify many common scenarios.

That said, it's very complex code which is written in a different style than most of the rest of Spring Security, and many new developers have a hard time getting their heads around it, so please do keep in mind the learning curve when rolling this out, especially to more junior developers.

The difficulty of understanding this part of the framework is one of the reasons I felt strongly about dedicating a whole chapter to ACLs in the book - this wasn't originally what I planned, but after reviewing the complexity of the code, I felt that I couldn't do justice to explaining it without having (checking my notes) about 35 pages of material on it

Hope that answers your question!


Author, Spring Security 3 (the Book), Packt Publishing, 2010
sourabh girdhar
Ranch Hand

Joined: Feb 10, 2010
Posts: 71

Thanks Peter !!
That answers my question in a perfect way and hopefully we shall be able to integrate Spring security after digging into more details through your book and Spring reference.

Thanks and Cheers

Ashish Anant Patil

Joined: Mar 17, 2013
Posts: 7
can i have reference to that book..
I agree. Here's the link:
subject: Extension to ACL in Spring Security
jQuery in Action, 3rd edition