Merged
37 changes: 37 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,43 @@

All notable changes to the Firefly Framework for Rust.

## v26.6.35 — 2026-06-20

**Spring Security parity — Tier 5c: ACL / domain-object security.** The Rust
analog of `spring-security-acl`, answering `hasPermission(object, permission)`
from per-object access-control lists. Pure Rust — no new dependencies. All
additive. Adversarially reviewed before release.

### Added

- **ACL core** (`spring-security-acl` parity):
- **`Permission`** — the `BasePermission` bitmask (`READ`=1, `WRITE`=2,
`CREATE`=4, `DELETE`=8, `ADMINISTRATION`=16), with cumulative `union`,
bit-`contains`, and case-insensitive name parsing.
- **`Sid`** (`Principal` / `Authority` — Spring's `PrincipalSid` /
`GrantedAuthoritySid`), **`ObjectIdentity`** (`type` + `identifier`),
**`AccessControlEntry`** (sid + permission + granting), and **`Acl`** (owner
+ ordered ACEs + optional parent for inheritance).
- **`AclService`** + **`InMemoryAclService`** (Spring's `MutableAclService`),
and the free **`is_granted`** resolver.
- **`AclPermissionEvaluator`** — bridges an `AclService` to the Tier 3
`PermissionEvaluator`, resolving `hasPermission(...)` against per-object ACLs
by object reference *or* `(type, id)`. The principal and its roles/authorities
map to `PrincipalSid` / `GrantedAuthoritySid` (each role matched both bare and
`ROLE_`-prefixed).
- **`PermissionEvaluator::has_permission_for_id`** + the free
**`has_permission_for_id`** — Spring's id-based `hasPermission` overload
(default-deny, backward compatible).

### Security

- ACL evaluation is **default-deny**: a permission is granted only when an
applicable *granting* entry is found (locally or up the inheritance chain);
the **first entry matching a `(sid, permission)` wins**, so a deny placed
before a grant takes precedence (Spring's `DefaultPermissionGrantingStrategy`).
The inheritance walk is **bounded**, so a cyclic or pathologically deep parent
chain terminates and denies rather than looping.

## v26.6.34 — 2026-06-19

**Spring Security parity — Tier 5a: LDAP / Active Directory authentication.**
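Review bot: the Security bullet ("ACL evaluation is **default-deny** ...") leaves the interaction between a local deny and parent inheritance ambiguous, and that is exactly what a caller of `hasPermission` needs to know. It says a grant is found "locally or up the inheritance chain" and that "the first entry matching a `(sid, permission)` wins", but it does not say whether a matching non-granting entry in the child ACL terminates evaluation without consulting the parent (as Spring's `DefaultPermissionGrantingStrategy` does), or whether the walk continues and a parent grant could override a child deny. Please state it explicitly, e.g. "A matching non-granting entry denies immediately; the parent is consulted only when no local entry matches the `(sid, permission)`." The same bullet should also say how an entry's `Permission` mask is matched against the requested one, since the Added section introduces cumulative `union` and bit-`contains`: exact mask equality (Spring's default) and bit-containment give different answers for an entry holding `READ|WRITE` when `READ` alone is requested. Finally, "The inheritance walk is **bounded**" is worth completing with the actual bound, so operators know at what depth a legitimate deep hierarchy starts being denied.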