spring-securityehcacheehcache-3spring-security-acl

Spring Security ACL with EhCache 3


I tried to update to EhCache 3, but noticed that my AclConfig for spring-security-acl no longer works. The reason is EhCacheBasedAclCache still uses import net.sf.ehcache.Ehcache. EhCache moved to org.ehcache since version 3 and thus this no longer works. Is there a replacement class provided by spring for EhCache 3 or would i need to implement my own Acl Cache? This is the code, which no longer works:

@Bean
public EhCacheBasedAclCache aclCache() {
    return new EhCacheBasedAclCache(aclEhCacheFactoryBean().getObject(),
            permissionGrantingStrategy(), aclAuthorizationStrategy());
}

Solution

  • I added bounty to your question because I'm also looking for a more authoritative answer.
    Here's a solution that works, but there could be a better approach & cache settings could be tuned specifically for acl.

    1. The JdbcMutableAclService accepts any AclCache implementation, not just EhCacheBasedAclCache. Immediately available implementation is SpringCacheBasedAclCache. You could also implement your own.

    2. Enable ehcache3 in your project with Spring Cache as abstraction. In Spring Boot this is as simple as using @EnableCaching (not @EnableCache) annotation. Then add @Autowired CacheManager cacheManager in your bean configuration class.

    3. Update your ehcache3.xml with entry for aclCache
      note - key is Serializable because Spring acl inserts cache entries keyed on both Long and ObjectIdentity :)

        <cache alias="aclCache">
            <key-type>java.io.Serializable</key-type>
            <value-type>org.springframework.security.acls.model.MutableAcl</value-type>
            <expiry>
                <ttl unit="seconds">3600</ttl>
            </expiry>
            <resources>
                <heap unit="entries">2000</heap>
                <offheap unit="MB">10</offheap>
            </resources>
        </cache>
    
    1. Replace your EhCacheBasedAclCache bean with SpringCacheBasedAclCache like so:
        @Bean
        public AclCache aclCache() {
            return new SpringCacheBasedAclCache(
                    cacheManager.getCache("aclCache"), 
                    permissionGrantingStrategy(), 
                    aclAuthorizationStrategy());        
        }
    
    1. Use aclCache() in JdbcMutableAclService constructor