Spring Security SEC-1780: Drop in JPA based replacement for the JDBC ACL Security Implementation

Claude Warren (Migrated from SEC-1780) said:

I have implemented a drop in JPA based replacement for the JDBC ACL security implementation.

We had an issue where we wanted to create ACL entries and and use them within a JPA bean test. The issue we found was that the JDBC ACL implementation used a different session so we were not able to create the ACLs, use them, and roll them back in a single transaction. This implementation allows that.

The attached jar contains the SOURCE for the implementation. It does not modify any existing classes but creates jpa packages equivalent to the existing jdbc packages.

Test cases are included

The jpa-security.xml provides an example of the configuration. It does require an externally defined userDetailsService bean.

The design utilizes the JPA transactions to isolate changes until a commit occurs. The design also utilizes the DB functionality to store large ACLs.

The SQL code has been tested on MySQL.

Comment From: rwinch

Thank you for the report. We have no plans to support a JPA based implementation of our interfaces. It is easy enough for those that want to use JPA to write their own implementation of the interface.