org.springframework.security.acls

Class AclPermissionEvaluator

java.lang.Object

org.springframework.security.acls.AclPermissionEvaluator

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, PermissionEvaluator

public class AclPermissionEvaluator
extends java.lang.Object
implements PermissionEvaluator

Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module. Similar in behaviour to AclEntryVoter.

Since:

3.0

Constructor Summary

Constructors

Constructor and Description
AclPermissionEvaluator(AclService aclService)

Method Summary

Modifier and Type	Method and Description
boolean	hasPermission(Authentication authentication, java.lang.Object domainObject, java.lang.Object permission) Determines whether the user has the given permission(s) on the domain object using the ACL configuration.
boolean	hasPermission(Authentication authentication, java.io.Serializable targetId, java.lang.String targetType, java.lang.Object permission) Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
void	setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator)
void	setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
void	setPermissionFactory(PermissionFactory permissionFactory)
void	setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AclPermissionEvaluator

public AclPermissionEvaluator(AclService aclService)

Method Detail

hasPermission

public boolean hasPermission(Authentication authentication,
                             java.lang.Object domainObject,
                             java.lang.Object permission)

Determines whether the user has the given permission(s) on the domain object using the ACL configuration. If the domain object is null, returns false (this can always be overridden using a null check in the expression itself).

Specified by:

hasPermission in interface PermissionEvaluator

Parameters:

authentication - represents the user in question. Should not be null.

domainObject - the domain object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.

permission - a representation of the permission object as supplied by the expression system. Not null.

Returns:

true if the permission is granted, false otherwise

hasPermission

public boolean hasPermission(Authentication authentication,
                             java.io.Serializable targetId,
                             java.lang.String targetType,
                             java.lang.Object permission)

Description copied from interface: PermissionEvaluator

Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.

Specified by:

hasPermission in interface PermissionEvaluator

Parameters:

authentication - represents the user in question. Should not be null.

targetId - the identifier for the object instance (usually a Long)

targetType - a String representing the target's type (usually a Java classname). Not null.

permission - a representation of the permission object as supplied by the expression system. Not null.

Returns:

true if the permission is granted, false otherwise

setObjectIdentityRetrievalStrategy

public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)

setObjectIdentityGenerator

public void setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator)

setSidRetrievalStrategy

public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)

setPermissionFactory

public void setPermissionFactory(PermissionFactory permissionFactory)