org.springframework.security.acls
Class AclPermissionEvaluator

java.lang.Object
  extended by org.springframework.security.acls.AclPermissionEvaluator
All Implemented Interfaces:
PermissionEvaluator

public class AclPermissionEvaluator
extends Object
implements PermissionEvaluator

Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module. Similar in behaviour to AclEntryVoter.

Since:
3.0
Version:
$Id: AclPermissionEvaluator.java 3900 2009-09-16 15:32:17Z ltaylor $
Author:
Luke Taylor

Constructor Summary
AclPermissionEvaluator(AclService aclService)
           
 
Method Summary
 boolean hasPermission(Authentication authentication, Object domainObject, Object permission)
          Determines whether the user has the given permission(s) on the domain object using the ACL configuration.
 boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission)
          Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
 void setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator)
           
 void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
           
 void setPermissionFactory(PermissionFactory permissionFactory)
           
 void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AclPermissionEvaluator

public AclPermissionEvaluator(AclService aclService)
Method Detail

hasPermission

public boolean hasPermission(Authentication authentication,
                             Object domainObject,
                             Object permission)
Determines whether the user has the given permission(s) on the domain object using the ACL configuration. If the domain object is null, returns false (this can always be overridden using a null check in the expression itself).

Specified by:
hasPermission in interface PermissionEvaluator
Parameters:
authentication - represents the user in question. Should not be null.
domainObject - the domain object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.
permission - a representation of the permission object as supplied by the expression system. Not null.
Returns:
true if the permission is granted, false otherwise

hasPermission

public boolean hasPermission(Authentication authentication,
                             Serializable targetId,
                             String targetType,
                             Object permission)
Description copied from interface: PermissionEvaluator
Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.

Specified by:
hasPermission in interface PermissionEvaluator
Parameters:
authentication - represents the user in question. Should not be null.
targetId - the identifier for the object instance (usually a Long)
targetType - a String representing the target's type (usually a Java classname). Not null.
permission - a representation of the permission object as supplied by the expression system. Not null.
Returns:
true if the permission is granted, false otherwise

setObjectIdentityRetrievalStrategy

public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)

setObjectIdentityGenerator

public void setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator)

setSidRetrievalStrategy

public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)

setPermissionFactory

public void setPermissionFactory(PermissionFactory permissionFactory)


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.