Support for pagination while using ACL based @PostFilter #6736
Assignees
Labels
Comments
spring-projects-issues
added
the
status: waiting-for-triage
|
This is a problem for us, too - will it be addressed? |
|
Thanks, @SayakMukhopadhyay and @connorsadlervelo for your interest. This is a duplicate of #2629, which is blocked by https://jira.spring.io/browse/DATACMNS-293 - please find the remaining details in those tickets. |
jzheaux
added
status: duplicate
|
Any updates? The "blocking" issue is not resolved either. Any solution after 10 years ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
When an entity repository is under ACL based security, it suffers from a huge issue of being unable to handle pagination. This has been previously been said due to how the paged result is fetched first and then ACL is applied over it which potentially would return less number of records than the page size. But this is an extremely common use case and as such a implementation would greatly benefit the community.
Actual Behavior
Currently,
@PostFilterdoesn't accept aPageabletype ofreturnObjectdue a failing type check. Even if the type check is overriden, it would not help since the problem with the less number of records than page size remains.Expected Behavior
A paged response on
@PostFiltershould implicitly return a page of records containing only the permitted entries.Configuration
I don't have a configuration but there is an implementation which works around this issue. But, I would prefer this to be an official implementation.
Version
This issue is present in all versions of Spring Security
Sample
https://github.com/lordlothar99/strategy-spring-security-acl provides an alternative implemetation.
The text was updated successfully, but these errors were encountered: