Package org.springframework.security.acls

Class AclPermissionEvaluator

  • All Implemented Interfaces:
    org.springframework.aop.framework.AopInfrastructureBean, PermissionEvaluator
    public class AclPermissionEvaluator
extends java.lang.Object
implements PermissionEvaluator
    Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module. Similar in behaviour to AclEntryVoter.
    Since:
    3.0

    • Constructor Detail

      • AclPermissionEvaluator

        public AclPermissionEvaluator​(AclService aclService)

    • Method Detail

      • hasPermission

        public boolean hasPermission​(Authentication authentication,
                             java.lang.Object domainObject,
                             java.lang.Object permission)
        Determines whether the user has the given permission(s) on the domain object using the ACL configuration. If the domain object is null, returns false (this can always be overridden using a null check in the expression itself).
        Specified by:
        hasPermission in interface PermissionEvaluator
        Parameters:
        authentication - represents the user in question. Should not be null.
        domainObject - the domain object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.
        permission - a representation of the permission object as supplied by the expression system. Not null.
        Returns:
        true if the permission is granted, false otherwise

      • hasPermission

        public boolean hasPermission​(Authentication authentication,
                             java.io.Serializable targetId,
                             java.lang.String targetType,
                             java.lang.Object permission)
        Description copied from interface: PermissionEvaluator
        Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
        Specified by:
        hasPermission in interface PermissionEvaluator
        Parameters:
        authentication - represents the user in question. Should not be null.
        targetId - the identifier for the object instance (usually a Long)
        targetType - a String representing the target's type (usually a Java classname). Not null.
        permission - a representation of the permission object as supplied by the expression system. Not null.
        Returns:
        true if the permission is granted, false otherwise

      • setObjectIdentityGenerator

        public void setObjectIdentityGenerator​(ObjectIdentityGenerator objectIdentityGenerator)

      • setSidRetrievalStrategy

        public void setSidRetrievalStrategy​(SidRetrievalStrategy sidRetrievalStrategy)

      • setPermissionFactory

        public void setPermissionFactory​(PermissionFactory permissionFactory)