Class AclPermissionEvaluator
- java.lang.Object
-
- org.springframework.security.acls.AclPermissionEvaluator
-
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,PermissionEvaluator
public class AclPermissionEvaluator extends java.lang.Object implements PermissionEvaluator
Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module. Similar in behaviour toAclEntryVoter
.- Since:
- 3.0
-
-
Constructor Summary
Constructors Constructor Description AclPermissionEvaluator(AclService aclService)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
hasPermission(Authentication authentication, java.io.Serializable targetId, java.lang.String targetType, java.lang.Object permission)
Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.boolean
hasPermission(Authentication authentication, java.lang.Object domainObject, java.lang.Object permission)
Determines whether the user has the given permission(s) on the domain object using the ACL configuration.void
setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator)
void
setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
void
setPermissionFactory(PermissionFactory permissionFactory)
void
setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)
-
-
-
Constructor Detail
-
AclPermissionEvaluator
public AclPermissionEvaluator(AclService aclService)
-
-
Method Detail
-
hasPermission
public boolean hasPermission(Authentication authentication, java.lang.Object domainObject, java.lang.Object permission)
Determines whether the user has the given permission(s) on the domain object using the ACL configuration. If the domain object is null, returns false (this can always be overridden using a null check in the expression itself).- Specified by:
hasPermission
in interfacePermissionEvaluator
- Parameters:
authentication
- represents the user in question. Should not be null.domainObject
- the domain object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.permission
- a representation of the permission object as supplied by the expression system. Not null.- Returns:
- true if the permission is granted, false otherwise
-
hasPermission
public boolean hasPermission(Authentication authentication, java.io.Serializable targetId, java.lang.String targetType, java.lang.Object permission)
Description copied from interface:PermissionEvaluator
Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.- Specified by:
hasPermission
in interfacePermissionEvaluator
- Parameters:
authentication
- represents the user in question. Should not be null.targetId
- the identifier for the object instance (usually a Long)targetType
- a String representing the target's type (usually a Java classname). Not null.permission
- a representation of the permission object as supplied by the expression system. Not null.- Returns:
- true if the permission is granted, false otherwise
-
setObjectIdentityRetrievalStrategy
public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
-
setObjectIdentityGenerator
public void setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator)
-
setSidRetrievalStrategy
public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)
-
setPermissionFactory
public void setPermissionFactory(PermissionFactory permissionFactory)
-
-