org.springframework.security.acl.basic
Class BasicAclProvider

java.lang.Object
  org.springframework.security.acl.basic.BasicAclProvider

All Implemented Interfaces:

InitializingBean, AclProvider

Deprecated. Use new spring-security-acl module instead

public class BasicAclProvider
extends Object
implements AclProvider, InitializingBean

Retrieves access control lists (ACL) entries for domain object instances from a data access object (DAO).

This implementation will provide ACL lookup services for any object that it can determine the AclObjectIdentity for by calling the obtainIdentity(Object) method. Subclasses can override this method if they only want the BasicAclProvider responding to particular domain object instances.

BasicAclProvider will walk an inheritance hierarchy if a BasicAclEntry returned by the DAO indicates it has a parent. NB: inheritance occurs at a domain instance object level. It does not occur at an ACL recipient level. This means allBasicAclEntrys for a given domain instance object must have the same parent identity, or allBasicAclEntrys must have null as their parent identity.

A cache should be used. This is provided by the BasicAclEntryCache. BasicAclProvider by default is setup to use the NullAclEntryCache, which performs no caching.

To implement the getAcls(Object, Authentication) method, BasicAclProvider requires a EffectiveAclsResolver to be configured against it. By default the GrantedAuthorityEffectiveAclsResolver is used.

Version:

$Id$

Author:

Ben Alex

Constructor Summary

BasicAclProvider()
Deprecated.

Method Summary

void	afterPropertiesSet() Deprecated.
AclEntry[]	getAcls(Object domainInstance) Deprecated. Obtains the ACLs that apply to the specified domain instance.
AclEntry[]	getAcls(Object domainInstance, Authentication authentication) Deprecated. Obtains the ACLs that apply to the specified domain instance and presented Authentication object.
BasicAclDao	getBasicAclDao() Deprecated.
BasicAclEntryCache	getBasicAclEntryCache() Deprecated.
Class	getDefaultAclObjectIdentityClass() Deprecated.
EffectiveAclsResolver	getEffectiveAclsResolver() Deprecated.
Class	getRestrictSupportToClass() Deprecated.
protected AclObjectIdentity	obtainIdentity(Object domainInstance) Deprecated. This method looks up the AclObjectIdentity of a passed domain object instance.
void	setBasicAclDao(BasicAclDao basicAclDao) Deprecated.
void	setBasicAclEntryCache(BasicAclEntryCache basicAclEntryCache) Deprecated.
void	setDefaultAclObjectIdentityClass(Class defaultAclObjectIdentityClass) Deprecated. Allows selection of the AclObjectIdentity class that an attempt should be made to construct if the passed object does not implement AclObjectIdentityAware.
void	setEffectiveAclsResolver(EffectiveAclsResolver effectiveAclsResolver) Deprecated.
void	setRestrictSupportToClass(Class restrictSupportToClass) Deprecated. If set to a value other than null, the supports(Object) method will only support the indicates class.
boolean	supports(Object domainInstance) Deprecated. Indicates support for the passed object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BasicAclProvider

public BasicAclProvider()

Deprecated.

Method Detail

afterPropertiesSet

public void afterPropertiesSet()

Deprecated.

Specified by:

afterPropertiesSet in interface InitializingBean

getAcls

public AclEntry[] getAcls(Object domainInstance)

Deprecated.

Description copied from interface: AclProvider

Obtains the ACLs that apply to the specified domain instance.

Will never be called unless the AclProvider.supports(Object) method returned true.

Specified by:

getAcls in interface AclProvider

Parameters:

domainInstance - the instance for which ACL information is required (never null)

Returns:

the ACLs that apply, or null if no ACLs apply to the specified domain instance

getAcls

public AclEntry[] getAcls(Object domainInstance,
                          Authentication authentication)

Deprecated.

Description copied from interface: AclProvider

Obtains the ACLs that apply to the specified domain instance and presented Authentication object.

Will never be called unless the AclProvider.supports(Object) method returned true.

Specified by:

getAcls in interface AclProvider

Parameters:

domainInstance - the instance for which ACL information is required (never null)

authentication - the prncipal for which ACL information should be filtered (never null)

Returns:

only those ACLs applying to the domain instance that have been granted to the principal (or null) if no such ACLs are found

getBasicAclDao

public BasicAclDao getBasicAclDao()

Deprecated.

getBasicAclEntryCache

public BasicAclEntryCache getBasicAclEntryCache()

Deprecated.

getDefaultAclObjectIdentityClass

public Class getDefaultAclObjectIdentityClass()

Deprecated.

getEffectiveAclsResolver

public EffectiveAclsResolver getEffectiveAclsResolver()

Deprecated.

getRestrictSupportToClass

public Class getRestrictSupportToClass()

Deprecated.

obtainIdentity

protected AclObjectIdentity obtainIdentity(Object domainInstance)

Deprecated.

This method looks up the AclObjectIdentity of a passed domain object instance.

This implementation attempts to obtain the AclObjectIdentity via reflection inspection of the class for the AclObjectIdentityAware interface. If this fails, an attempt is made to construct a getDefaultAclObjectIdentityClass() object by passing the domain instance object into its constructor.

Parameters:

domainInstance - the domain object instance (never null)

Returns:

an ACL object identity, or null if one could not be obtained

setBasicAclDao

public void setBasicAclDao(BasicAclDao basicAclDao)

Deprecated.

setBasicAclEntryCache

public void setBasicAclEntryCache(BasicAclEntryCache basicAclEntryCache)

Deprecated.

setDefaultAclObjectIdentityClass

public void setDefaultAclObjectIdentityClass(Class defaultAclObjectIdentityClass)

Deprecated.

Allows selection of the AclObjectIdentity class that an attempt should be made to construct if the passed object does not implement AclObjectIdentityAware.

NB: Any defaultAclObjectIdentityClassmust provide a public constructor that accepts an Object. Otherwise it is not possible for the BasicAclProvider to try to create the AclObjectIdentity instance at runtime.

Parameters:

defaultAclObjectIdentityClass -

setEffectiveAclsResolver

public void setEffectiveAclsResolver(EffectiveAclsResolver effectiveAclsResolver)

Deprecated.

setRestrictSupportToClass

public void setRestrictSupportToClass(Class restrictSupportToClass)

Deprecated.

If set to a value other than null, the supports(Object) method will only support the indicates class. This is useful if you wish to wire multiple BasicAclProviders in a list of AclProviderManager.providers but only have particular instances respond to particular domain object types.

Parameters:

restrictSupportToClass - the class to restrict this BasicAclProvider to service request for, or null (the default) if the BasicAclProvider should respond to every class presented

supports

public boolean supports(Object domainInstance)

Deprecated.

Indicates support for the passed object.

An object will only be supported if it (i) is allowed to be supported as defined by the setRestrictSupportToClass(Class) method, and (ii) if an AclObjectIdentity is returned by obtainIdentity(Object) for that object.

Specified by:

supports in interface AclProvider

Parameters:

domainInstance - the instance to check

Returns:

true if this provider supports the passed object, false otherwise