Summary
When an entity repository is under ACL-based security, it suffers from a huge issue of being unable to handle pagination. This has previously been said to be due to how the paged result is fetched first and then the ACL is applied over it, which could potentially return fewer records than the page size. But this is an extremely common use case, and as such an implementation would greatly benefit the community.
Actual Behavior
Currently, @PostFilter doesn't accept a Pageable type of returnObject due to a failing type check. Even if the type check is overridden, it would not help, since the problem of fewer records than the page size remains.
Expected Behavior
A paged response on @PostFilter should implicitly return a page of records containing only the permitted entries.
Configuration
I don't have a configuration but there is an implementation which works around this issue. But, I would prefer this to be an official implementation.
Version
This issue is present in all versions of Spring Security.
Sample
https://github.com/lordlothar99/strategy-spring-security-acl provides an alternative implementation.
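The short-page behaviour described in the issue, next to the result the issue asks for, shown on an in-memory list. This is an added example, not part of the original issue and not Spring Security or Spring Data code; `Doc`, the owner-based permission check and both method names are hypothetical stand-ins for an entity, an ACL decision and a repository query.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;

public class PagedAclFilterDemo {
    // Hypothetical entity; the owner field stands in for the ACL decision input.
    record Doc(int id, String owner) {}

    // Page first, then filter: the page can come back with fewer entries than requested.
    static List<Doc> pageThenFilter(List<Doc> store, int page, int size, Predicate<Doc> permitted) {
        int from = Math.min(page * size, store.size());
        int to = Math.min(from + size, store.size());
        List<Doc> out = new ArrayList<>();
        for (Doc d : store.subList(from, to)) {
            if (permitted.test(d)) out.add(d);
        }
        return out;
    }

    // Filter while scanning, then cut the page out of the permitted entries only.
    static List<Doc> filterThenPage(List<Doc> store, int page, int size, Predicate<Doc> permitted) {
        long toSkip = (long) page * size;   // permitted entries that belong to earlier pages
        List<Doc> out = new ArrayList<>();
        for (Doc d : store) {
            if (!permitted.test(d)) continue;          // denied entries never count toward a page
            if (toSkip > 0) { toSkip--; continue; }
            if (out.size() >= size) break;             // page is full (also covers size == 0)
            out.add(d);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: ids 1..12, every third record is owned by "alice".
        List<Doc> store = new ArrayList<>();
        for (int i = 1; i <= 12; i++) store.add(new Doc(i, i % 3 == 0 ? "alice" : "bob"));
        Predicate<Doc> aliceCanRead = d -> d.owner().equals("alice");

        // Same request (page 0, size 4) through both orderings.
        System.out.println("page then filter: " + pageThenFilter(store, 0, 4, aliceCanRead));
        System.out.println("filter then page: " + filterThenPage(store, 0, 4, aliceCanRead));
    }
}
```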
Comment From: connorsadlervelo
This is a problem for us, too - will it be addressed?
Comment From: jzheaux
Thanks, @SayakMukhopadhyay and @connorsadlervelo for your interest.
This is a duplicate of https://github.com/spring-projects/spring-security/issues/2629, which is blocked by https://jira.spring.io/browse/DATACMNS-293 - please find the remaining details in those tickets.
Comment From: henesm
Any updates? The "blocking" issue is not resolved either. Any solution after 10 years?