Running on grails 3.1.1 with groovy 2.4.5 and java 1.8

using those versions of the plugins

compile 'org.grails.plugins:spring-security-core:3.0.3'
runtime 'org.grails.plugins:spring-security-acl:3.0.1'

I got an error with the following message:

s2-create-acl-domains| Error Command [s2-create-acl-domains] error: Error rendering template [_AclClass.groovy] to destination domain/grails/plugin/springsecurity/acl/AclClass.groovy: No such property: id for class: groovy.lang.Binding

It is created at the root level the folder /domain/grails/plugin/springsecurityh/acl

I guess that acl plugin (3.0.1) is not compatible with grails 3.1.1

I was trying to follow up the tutorial that comes with this application and received startup failed exception. Stacktrace attached.
trace.txt

Cannot use this plugin with Grails 3.1.x -> Caused by: java.lang.ClassNotFoundException: org.grails.datastore.gorm.GormEntity$Trait$FieldHelper

According to: https://grails.org/single-page-documentation.html chapter: 3.1
there is an issue:

You are using a plugin or class that was compiled with a previous version of GORM and these will need to be recompiled to be Grails 3.1 and GORM 5 compatible.

Please, move test.TestReport.groovy to test folder

When i call

 aclService.createAcl(
                     objectIdentityRetrievalStrategy.getObjectIdentity(report)
            )

with the report domain having a UUID primary key, i get the exception,

Argument [grails.plugin.springsecurity.acl.AclSid(sid:admin, principal:true, id:null, properties:[sid:admin, principal:true], dirty:false, dirtyPropertyNames:[], attached:false, errors:org.grails.datastore.mapping.validation.ValidationErrors: 0 errors)] is not an instance of [class grails.plugin.springsecurity.acl.AclSid] which this validator is configured for

Anybody experienced this or has anybody used this plugin with String identifiers?

Version 3.2.3 of grails-spring-security-core will be released soon.

The version number of the referenced dependency needs to be updated.

I have an app with a bunch of existing domain objects/records I'm trying to add ACL to.

I created a method that grants permissions. Within the method is a catch block for NotFoundException which calls aclUtilService.addPermission().

From the best I trace out
acl.stacktrace.txt
, addPermission should call aclService.createAcl(oid) which should create the object identity and on down the stack to eventually .save()ing all the necessary objects.

But it doesn't.

When running my app with logSql turned on, I see a lot of selects, but no inserts. At the end of AclService.createAcl() (https://github.com/grails-plugins/grails-spring-security-acl/blob/master/plugin/grails-app/services/grails/plugin/springsecurity/acl/AclService.groovy#L84) is a call to readAclById(). This fails with a NotFoundException.

I see where the .save()s are done there is some error logging, but I don't see those log messages.

Is the Hibernate session not being flushed? Some other configuration switch I'm forgetting? FWIW, I'm using Oracle 12c as my database.

Attached is the SQL log & stack trace. The "About to create... " line is printed just before the call to aclUtilService.addPermission().

Hi ,

My Grails application fails to start up after including compile 'org.grails.plugins:spring-security-acl:3.0.1'.

I am using

1. Grails Version: 3.1.10

Stack trace is below

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'grailsApplicationPostProcessor' defined in propertyservice.Application: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [grails.boot.config.GrailsApplicationPostProcessor]: Factory method 'grailsApplicationPostProcessor' threw exception; nested exception is grails.plugins.exceptions.PluginException: Failed to initialize class [grails.plugin.springsecurity.acl.AclSid] from plugin [springSecurityAcl] : org/grails/datastore/gorm/GormEntity$Trait$FieldHelper
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:120)
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:678)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:520)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:118)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:760)
at org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:306)
at grails.boot.GrailsApp.run(GrailsApp.groovy:55)
at grails.boot.GrailsApp.run(GrailsApp.groovy:374)
at grails.boot.GrailsApp.run(GrailsApp.groovy:363)
at grails.boot.GrailsApp$run.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
at propertyservice.Application.main(Application.groovy:16)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [grails.boot.config.GrailsApplicationPostProcessor]: Factory method 'grailsApplicationPostProcessor' threw exception; nested exception is grails.plugins.exceptions.PluginException: Failed to initialize class [grails.plugin.springsecurity.acl.AclSid] from plugin [springSecurityAcl] : org/grails/datastore/gorm/GormEntity$Trait$FieldHelper
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
... 23 common frames omitted
Caused by: grails.plugins.exceptions.PluginException: Failed to initialize class [grails.plugin.springsecurity.acl.AclSid] from plugin [springSecurityAcl] : org/grails/datastore/gorm/GormEntity$Trait$FieldHelper
at org.grails.plugins.BinaryGrailsPlugin.initializeProvidedArtefacts(BinaryGrailsPlugin.java:169)
at org.grails.plugins.BinaryGrailsPlugin.(BinaryGrailsPlugin.java:103)
at grails.plugins.DefaultGrailsPluginManager.createBinaryGrailsPlugin(DefaultGrailsPluginManager.java:391)
at grails.plugins.DefaultGrailsPluginManager.findCorePlugins(DefaultGrailsPluginManager.java:378)
at grails.plugins.DefaultGrailsPluginManager.attemptLoadPlugins(DefaultGrailsPluginManager.java:330)
at grails.plugins.DefaultGrailsPluginManager.loadPlugins(DefaultGrailsPluginManager.java:240)
at grails.boot.config.GrailsApplicationPostProcessor.initializeGrailsApplication(GrailsApplicationPostProcessor.groovy:84)
at grails.boot.config.GrailsApplicationPostProcessor.setApplicationContext(GrailsApplicationPostProcessor.groovy:208)
at grails.boot.config.GrailsApplicationPostProcessor.(GrailsApplicationPostProcessor.groovy:73)
at grails.boot.config.GrailsAutoConfiguration.grailsApplicationPostProcessor(GrailsAutoConfiguration.groovy:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
... 24 common frames omitted
Caused by: java.lang.NoClassDefFoundError: org/grails/datastore/gorm/GormEntity$Trait$FieldHelper
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
at groovy.lang.GroovyClassLoader.loadClass(GroovyClassLoader.java:677)
at groovy.lang.GroovyClassLoader.loadClass(GroovyClassLoader.java:787)
at groovy.lang.GroovyClassLoader.loadClass(GroovyClassLoader.java:775)
at org.grails.plugins.BinaryGrailsPlugin.initializeProvidedArtefacts(BinaryGrailsPlugin.java:167)
... 38 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.grails.datastore.gorm.GormEntity$Trait$FieldHelper
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 54 common frames omitted

In AclAutoProxyCreator#afterPropertiesSet a list of beanNames is collected from the service class names.

This list is later used to decide about creating a proxy for this bean in getAdvicesAndAdvisorsForBean.

The name matching fails for all services that are not declared directly in the project but in a grails plugin.
See ServicesGrailsPlugin line 62: If the service class is defined in a plugin then the plugin-name is prepended to the bean name.
Finally the names won't match. To me it looks like it could be corrected by employing the same logic as in the ServicesGrailsPlugin for the naming beans when creating the beanNames list.

In consequence of this problem annotations such as @PreAuthorize are just ignored on these services (depending on your code it can have an impact on application security).

In my particular use-case I'll refactor to not use annotations in the plugin, so I leave this github-issue here just as a hint for others.

Execute the following code in the Grails web console to reproduce the exception

DomainO.withTransaction {
        DomainO anyDomainOWithAclEntry = DomainO.first() //we assume there exists an ACL entry for anyDomainOWithAclEntry
        ctx.aclCache.clearCache() // the problem only occurs if the ACL is not yet cached. We therefore clear the cache first to make sure it happens
        println ctx.aclUtilService.readAcl(anyDomainOWithAclEntry)
        ctx.aclUtilService.deleteAcl(anyDomainOWithAclEntry)
}

Workaround or fix:

edit class AclService.deleteEntries() accordingly:

//replace the following line
AclEntry.where { aclObjectIdentity == oid }.deleteAll()
//with 
AclEntry.findAllByAclObjectIdentity(oid)*.delete()
//which does not use DML statements and updates first level cache correctly

Method AclObjectIdentityGormService::findAllByParentObjectIdAndParentAclClassName() searches now AclObjectIdentity objects so, that ALL objects of AclObjectIdentity are retrieved, and then the result is searched in this list (see below):

    @CompileDynamic
    @ReadOnly
    List<AclObjectIdentity> findAllByParentObjectIdAndParentAclClassName(Long objectId, String aclClassName) {
        //findQueryByParentObjectIdAndParentAclClassName(objectId, aclClassName).list()
        List<AclObjectIdentity> aclObjectIdentityList = findAll()
        aclObjectIdentityList.findAll { AclObjectIdentity oid ->
            (oid?.parent?.aclClass?.className == aclClassName) &&  ( oid?.parent?.objectId == objectId)
        }
    }

This method calls AclObjectIdentityGormService::findAll(), which retrieves all AclObjectIdentity objects. Since we have about 30'000 AclObjectIdentity objects (this amount still increases), then all these objects are in hibernate session, which causes performance problems.

As a workaround, we have created our own bean inherited from AclObjectIdentityGormService, where findAllByParentObjectIdAndParentAclClassName() is overloaded and uses findQueryByParentObjectIdAndParentAclClassName() as it was earlier in the plugin before the commit 4d53a88 from 1. Dec 2017 by @sdelamo has been made.

We don't know, what was the reason of using findAll() here, but we think that such approach is algorithmically unhappy. Could you help us to solve this problem correctly, please?

steps to reproduce:

• bootstrap a new Grails 3.3 app
• add the following plugins to build.gradle

    compile 'org.grails.plugins:spring-security-core:3.2.0.M1'
    compile 'org.grails.plugins:spring-security-acl:3.1.1'

• start the app

exceptions during startup is thrown:

Configuring Spring Security ACL ...
2017-09-22 12:14:25.074 ERROR --- [           main] o.s.boot.SpringApplication               : Application startup failed

java.lang.NullPointerException: null
	at java.beans.Introspector.getPublicDeclaredMethods(Introspector.java:1337)
	at java.beans.Introspector.getTargetMethodInfo(Introspector.java:1197)
	at java.beans.Introspector.getBeanInfo(Introspector.java:426)
	at java.beans.Introspector.getBeanInfo(Introspector.java:173)
	at groovy.lang.MetaClassImpl$15.run(MetaClassImpl.java:3313)
	at java.security.AccessController.doPrivileged(Native Method)
	at groovy.lang.MetaClassImpl.addProperties(MetaClassImpl.java:3311)
	at groovy.lang.MetaClassImpl.initialize(MetaClassImpl.java:3288)
	at org.codehaus.groovy.reflection.ClassInfo.getMetaClassUnderLock(ClassInfo.java:260)
	at org.codehaus.groovy.reflection.ClassInfo.getMetaClass(ClassInfo.java:302)
	at org.codehaus.groovy.runtime.metaclass.MetaClassRegistryImpl.getMetaClass(MetaClassRegistryImpl.java:261)
	at org.codehaus.groovy.runtime.InvokerHelper.getMetaClass(InvokerHelper.java:883)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.createCallStaticSite(CallSiteArray.java:75)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.createCallSite(CallSiteArray.java:162)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
	at grails.plugin.springsecurity.acl.SpringSecurityAclGrailsPlugin.findAclVoterAnnotations(SpringSecurityAclGrailsPlugin.groovy:423)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1426)
	at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
	at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:59)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:52)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:154)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:166)
	at grails.plugin.springsecurity.acl.SpringSecurityAclGrailsPlugin.buildVoterConfig(SpringSecurityAclGrailsPlugin.groovy:402)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1426)
	at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
	at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:384)
	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
	at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:69)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:52)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:154)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:166)
	at grails.plugin.springsecurity.acl.SpringSecurityAclGrailsPlugin$_doWithSpring_closure5.doCall(SpringSecurityAclGrailsPlugin.groovy:103)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1426)
	at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
	at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
	at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
	at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
	at groovy.lang.Closure.call(Closure.java:414)
	at groovy.lang.Closure.call(Closure.java:408)
	at grails.spring.BeanBuilder.invokeBeanDefiningClosure(BeanBuilder.java:759)
	at grails.spring.BeanBuilder.beans(BeanBuilder.java:588)
	at grails.spring.BeanBuilder.invokeMethod(BeanBuilder.java:531)
	at org.grails.plugins.DefaultGrailsPlugin.doWithRuntimeConfiguration(DefaultGrailsPlugin.java:559)
	at org.grails.plugins.AbstractGrailsPluginManager.doRuntimeConfiguration(AbstractGrailsPluginManager.java:167)
	at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:171)
	at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:118)
	at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
	at grails.boot.GrailsApp.run(GrailsApp.groovy:83)
	at grails.boot.GrailsApp.run(GrailsApp.groovy:388)
	at grails.boot.GrailsApp.run(GrailsApp.groovy:375)
	at grails.boot.GrailsApp$run.call(Unknown Source)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
	at grails33app.Application.main(Application.groovy:8)

2017-09-22 12:14:25.079 ERROR --- [           main] o.s.b.f.s.DefaultListableBeanFactory     : Destroy method on bean with name 'grailsApplicationPostProcessor' threw an exception

this doesn't happen without the acl plugin

Hello everyone,

He implemented the ACL and reviewed the example of Issue # 32, and after trying and testing I can not know what is going on with my code.

Implemented ACL in my project, in which I use Grails 3.3.2 and a MariaDB database

If we start the application and enter data, the data will be correctly registered in its corresponding ACL tables and in its corresponding domain class tables.

But, if we turn off the application and turn it on again, when we bring lists filtering them by ACL and these lists return more than one object, it returns the following exception:

Class org.springframework.security.acls.model.NotFoundException Message null Caused by Unable to find ACL information for object identity 'org.springframework.security.acls.domain.ObjectIdentityImpl[Type: com.sample.test.Proyecto; Identifier: 2]'

Indicating that you can not find that information in the ACL, but this is not true because it does exist.

What's going on? Can anybody help me?

@sdelamo Can you help me?

I'm working on a really old app that is still running Grails 1.3.7, and whos application.properties file still has this line
plugins.spring-security-acl=1.1

When I try to generate the war, I'm running into this error
org.grails.plugins#spring-security-acl;1.1.0: not found

Is there a way to get this working again?