The spring-security-acl documentation states the following:
Please note that our out-of-the-box AclService and related database classes all use ANSI SQ
As our domain classes are stored in mongodb using spring-data-mongo, we're researching for ways to implement access control lists on top of spring-data-mongodb.
From what i understand the default spring security ACL implementation relies on additional tables in the SQL database referencing tables and object IDs of existing tables. Then the framework hooks into the SQL queries and alters them to join the ACL tables constraining the result set to the currently authenticated user.
Given the fact that there are almost no resources out there on how to apply the same concept on an mongodb database (except this repo) - i'm wondering if the ACL concept can be mapped with reasonable performance to a no-sql database.
Does it just take some effort to write an ACL implementation for spring-data-mongodb no one has had the resources yet for, or are there other implications, like performance for example, which just won't let the ACL concepts properly map to mongodb?
