org.springframework.security.acls.jdbc

Class JdbcMutableAclService

java.lang.Object

org.springframework.security.acls.jdbc.JdbcAclService

org.springframework.security.acls.jdbc.JdbcMutableAclService

All Implemented Interfaces:

AclService, MutableAclService

public class JdbcMutableAclService
extends JdbcAclService
implements MutableAclService

Provides a base JDBC implementation of MutableAclService.

The default settings are for HSQLDB. If you are using a different database you will probably need to set the sidIdentityQuery and classIdentityQuery properties appropriately. The other queries, SQL inserts and updates can also be customized to accomodate schema variations, but must produce results consistent with those expected by the defaults.

See the appendix of the Spring Security reference manual for more information on the expected schema and how it is used. Information on using PostgreSQL is also included.

Field Summary

Fields inherited from class org.springframework.security.acls.jdbc.JdbcAclService

jdbcTemplate, log

Constructor Summary

Constructors

Constructor and Description
JdbcMutableAclService(javax.sql.DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache)

Method Summary

Modifier and Type	Method and Description
MutableAcl	createAcl(ObjectIdentity objectIdentity) Creates an empty Acl object in the database.
protected void	createEntries(MutableAcl acl) Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
protected void	createObjectIdentity(ObjectIdentity object, Sid owner) Creates an entry in the acl_object_identity table for the passed ObjectIdentity.
protected java.lang.Long	createOrRetrieveClassPrimaryKey(java.lang.String type, boolean allowCreate) Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is true.
protected java.lang.Long	createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate) Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
protected java.lang.Long	createOrRetrieveSidPrimaryKey(java.lang.String sidName, boolean sidIsPrincipal, boolean allowCreate) Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
void	deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) Removes the specified entry from the database.
protected void	deleteEntries(java.lang.Long oidPrimaryKey) Deletes all ACEs defined in the acl_entry table belonging to the presented ObjectIdentity primary key.
protected void	deleteObjectIdentity(java.lang.Long oidPrimaryKey) Deletes a single row from acl_object_identity that is associated with the presented ObjectIdentity primary key.
protected java.lang.Long	retrieveObjectIdentityPrimaryKey(ObjectIdentity oid) Retrieves the primary key from the acl_object_identity table for the passed ObjectIdentity.
void	setClassIdentityQuery(java.lang.String classIdentityQuery) Sets the query that will be used to retrieve the identity of a newly created row in the acl_class table.
void	setClassPrimaryKeyQuery(java.lang.String selectClassPrimaryKey)
void	setDeleteEntryByObjectIdentityForeignKeySql(java.lang.String deleteEntryByObjectIdentityForeignKey)
void	setDeleteObjectIdentityByPrimaryKeySql(java.lang.String deleteObjectIdentityByPrimaryKey)
void	setForeignKeysInDatabase(boolean foreignKeysInDatabase)
void	setInsertClassSql(java.lang.String insertClass)
void	setInsertEntrySql(java.lang.String insertEntry)
void	setInsertObjectIdentitySql(java.lang.String insertObjectIdentity)
void	setInsertSidSql(java.lang.String insertSid)
void	setObjectIdentityPrimaryKeyQuery(java.lang.String selectObjectIdentityPrimaryKey)
void	setSidIdentityQuery(java.lang.String sidIdentityQuery) Sets the query that will be used to retrieve the identity of a newly created row in the acl_sid table.
void	setSidPrimaryKeyQuery(java.lang.String selectSidPrimaryKey)
void	setUpdateObjectIdentity(java.lang.String updateObjectIdentity)
MutableAcl	updateAcl(MutableAcl acl) This implementation will simply delete all ACEs in the database and recreate them on each invocation of this method.
protected void	updateObjectIdentity(MutableAcl acl) Updates an existing acl_object_identity row, with new information presented in the passed MutableAcl object.

Methods inherited from class org.springframework.security.acls.jdbc.JdbcAclService

findChildren, readAclById, readAclById, readAclsById, readAclsById, setFindChildrenQuery

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.acls.model.AclService

findChildren, readAclById, readAclById, readAclsById, readAclsById

Constructor Detail

JdbcMutableAclService

public JdbcMutableAclService(javax.sql.DataSource dataSource,
                             LookupStrategy lookupStrategy,
                             AclCache aclCache)

Method Detail

createAcl

public MutableAcl createAcl(ObjectIdentity objectIdentity)
                     throws AlreadyExistsException

Description copied from interface: MutableAclService

Creates an empty Acl object in the database. It will have no entries. The returned object will then be used to add entries.

Specified by:

createAcl in interface MutableAclService

Parameters:

objectIdentity - the object identity to create

Returns:

an ACL object with its ID set

Throws:

AlreadyExistsException - if the passed object identity already has a record

createEntries

protected void createEntries(MutableAcl acl)

Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.

Parameters:

acl - containing the ACEs to insert

createObjectIdentity

protected void createObjectIdentity(ObjectIdentity object,
                                    Sid owner)

Creates an entry in the acl_object_identity table for the passed ObjectIdentity. The Sid is also necessary, as acl_object_identity has defined the sid column as non-null.

Parameters:

object - to represent an acl_object_identity for

owner - for the SID column (will be created if there is no acl_sid entry for this particular Sid already)

createOrRetrieveClassPrimaryKey

protected java.lang.Long createOrRetrieveClassPrimaryKey(java.lang.String type,
                                                         boolean allowCreate)

Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is true.

Parameters:

type - to find or create an entry for (often the fully-qualified class name)

allowCreate - true if creation is permitted if not found

Returns:

the primary key or null if not found

createOrRetrieveSidPrimaryKey

protected java.lang.Long createOrRetrieveSidPrimaryKey(Sid sid,
                                                       boolean allowCreate)

Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.

Parameters:

sid - to find or create

allowCreate - true if creation is permitted if not found

Returns:

the primary key or null if not found

Throws:

java.lang.IllegalArgumentException - if the Sid is not a recognized implementation.

createOrRetrieveSidPrimaryKey

protected java.lang.Long createOrRetrieveSidPrimaryKey(java.lang.String sidName,
                                                       boolean sidIsPrincipal,
                                                       boolean allowCreate)

Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.

Parameters:

sidName - name of Sid to find or to create

sidIsPrincipal - whether it's a user or granted authority like role

allowCreate - true if creation is permitted if not found

Returns:

the primary key or null if not found

deleteAcl

public void deleteAcl(ObjectIdentity objectIdentity,
                      boolean deleteChildren)
               throws ChildrenExistException

Description copied from interface: MutableAclService

Removes the specified entry from the database.

Specified by:

deleteAcl in interface MutableAclService

Parameters:

objectIdentity - the object identity to remove

deleteChildren - whether to cascade the delete to children

Throws:

ChildrenExistException - if the deleteChildren argument was false but children exist

deleteEntries

protected void deleteEntries(java.lang.Long oidPrimaryKey)

Deletes all ACEs defined in the acl_entry table belonging to the presented ObjectIdentity primary key.

Parameters:

oidPrimaryKey - the rows in acl_entry to delete

deleteObjectIdentity

protected void deleteObjectIdentity(java.lang.Long oidPrimaryKey)

Deletes a single row from acl_object_identity that is associated with the presented ObjectIdentity primary key.

We do not delete any entries from acl_class, even if no classes are using that class any longer. This is a deadlock avoidance approach.

Parameters:

oidPrimaryKey - to delete the acl_object_identity

retrieveObjectIdentityPrimaryKey

protected java.lang.Long retrieveObjectIdentityPrimaryKey(ObjectIdentity oid)

Retrieves the primary key from the acl_object_identity table for the passed ObjectIdentity. Unlike some other methods in this implementation, this method will NOT create a row (use createObjectIdentity(ObjectIdentity, Sid) instead).

Parameters:

oid - to find

Returns:

the object identity or null if not found

updateAcl

public MutableAcl updateAcl(MutableAcl acl)
                     throws NotFoundException

This implementation will simply delete all ACEs in the database and recreate them on each invocation of this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM capabilities for create, update and delete operations of MutableAcl.

Specified by:

updateAcl in interface MutableAclService

Parameters:

acl - to modify

Throws:

NotFoundException - if the relevant record could not be found (did you remember to use MutableAclService.createAcl(ObjectIdentity) to create the object, rather than creating it with the new keyword?)

updateObjectIdentity

protected void updateObjectIdentity(MutableAcl acl)

Updates an existing acl_object_identity row, with new information presented in the passed MutableAcl object. Also will create an acl_sid entry if needed for the Sid that owns the MutableAcl.

Parameters:

acl - to modify (a row must already exist in acl_object_identity)

Throws:

NotFoundException - if the ACL could not be found to update.

setClassIdentityQuery

public void setClassIdentityQuery(java.lang.String classIdentityQuery)

Sets the query that will be used to retrieve the identity of a newly created row in the acl_class table.

Parameters:

classIdentityQuery - the query, which should return the identifier. Defaults to call identity()

setSidIdentityQuery

public void setSidIdentityQuery(java.lang.String sidIdentityQuery)

Sets the query that will be used to retrieve the identity of a newly created row in the acl_sid table.

Parameters:

sidIdentityQuery - the query, which should return the identifier. Defaults to call identity()

setDeleteEntryByObjectIdentityForeignKeySql

public void setDeleteEntryByObjectIdentityForeignKeySql(java.lang.String deleteEntryByObjectIdentityForeignKey)

setDeleteObjectIdentityByPrimaryKeySql

public void setDeleteObjectIdentityByPrimaryKeySql(java.lang.String deleteObjectIdentityByPrimaryKey)

setInsertClassSql

public void setInsertClassSql(java.lang.String insertClass)

setInsertEntrySql

public void setInsertEntrySql(java.lang.String insertEntry)

setInsertObjectIdentitySql

public void setInsertObjectIdentitySql(java.lang.String insertObjectIdentity)

setInsertSidSql

public void setInsertSidSql(java.lang.String insertSid)

setClassPrimaryKeyQuery

public void setClassPrimaryKeyQuery(java.lang.String selectClassPrimaryKey)

setObjectIdentityPrimaryKeyQuery

public void setObjectIdentityPrimaryKeyQuery(java.lang.String selectObjectIdentityPrimaryKey)

setSidPrimaryKeyQuery

public void setSidPrimaryKeyQuery(java.lang.String selectSidPrimaryKey)

setUpdateObjectIdentity

public void setUpdateObjectIdentity(java.lang.String updateObjectIdentity)

setForeignKeysInDatabase

public void setForeignKeysInDatabase(boolean foreignKeysInDatabase)

Parameters:

foreignKeysInDatabase - if false this class will perform additional FK constrain checking, which may cause deadlocks (the default is true, so deadlocks are avoided but the database is expected to enforce FKs)