Class AclImpl

    • Constructor Detail

      • AclImpl

        public AclImpl(ObjectIdentity objectIdentity,
                       java.io.Serializable id,
                       AclAuthorizationStrategy aclAuthorizationStrategy,
                       AuditLogger auditLogger)
        Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).
        Parameters:
        objectIdentity - the object identity this ACL relates to (required)
        id - the primary key assigned to this ACL (required)
        aclAuthorizationStrategy - authorization strategy (required)
        auditLogger - audit logger (required)
      • AclImpl

        public AclImpl(ObjectIdentity objectIdentity,
                       java.io.Serializable id,
                       AclAuthorizationStrategy aclAuthorizationStrategy,
                       PermissionGrantingStrategy grantingStrategy,
                       Acl parentAcl,
                       java.util.List<Sid> loadedSids,
                       boolean entriesInheriting,
                       Sid owner)
        Full constructor, which should be used by persistence tools that do not provide field-level access features.
        Parameters:
        objectIdentity - the object identity this ACL relates to
        id - the primary key assigned to this ACL
        aclAuthorizationStrategy - authorization strategy
        grantingStrategy - the PermissionGrantingStrategy which will be used by the isGranted() method
        parentAcl - the parent (may be null)
        loadedSids - the loaded SIDs if only a subset were loaded (may be null)
        entriesInheriting - if ACEs from the parent should inherit into this ACL
        owner - the owner (required)
    • Method Detail

      • getEntries

        public java.util.List<AccessControlEntry> getEntries()
        Description copied from interface: Acl
        Returns all of the entries represented by the present Acl. Entries associated with the Acl parents are not returned.

        This method is typically used for administrative purposes.

        The order that entries appear in the array is important for methods declared in the MutableAcl interface. Furthermore, some implementations MAY use ordering as part of advanced permission checking.

        Do NOT use this method for making authorization decisions. Instead use Acl.isGranted(List, List, boolean).

        This method must operate correctly even if the Acl only represents a subset of Sids. The caller is responsible for correctly handling the result if only a subset of Sids is represented.

        Specified by:
        getEntries in interface Acl
        Returns:
        the list of entries represented by the Acl, or null if there are no entries presently associated with this Acl.
      • getId

        public java.io.Serializable getId()
        Description copied from interface: MutableAcl
        Obtains an identifier that represents this MutableAcl.
        Specified by:
        getId in interface MutableAcl
        Returns:
        the identifier, or null if unsaved
      • getObjectIdentity

        public ObjectIdentity getObjectIdentity()
        Description copied from interface: Acl
        Obtains the domain object this Acl provides entries for. This is immutable once an Acl is created.
        Specified by:
        getObjectIdentity in interface Acl
        Returns:
        the object identity (never null)
      • isEntriesInheriting

        public boolean isEntriesInheriting()
        Description copied from interface: Acl
        Indicates whether the ACL entries from the Acl.getParentAcl() should flow down into the current Acl.

        The mere link between an Acl and a parent Acl on its own is insufficient to cause ACL entries to inherit down. This is because a domain object may wish to have entirely independent entries, but maintain the link with the parent for navigation purposes. Thus, this method denotes whether or not the navigation relationship also extends to the actual inheritance of entries.

        Specified by:
        isEntriesInheriting in interface Acl
        Returns:
        true if parent ACL entries inherit into the current Acl
      • isGranted

        public boolean isGranted(java.util.List<Permission> permission,
                                 java.util.List<Sid> sids,
                                 boolean administrativeMode)
                          throws NotFoundException,
                                 UnloadedSidException
        Delegates to the PermissionGrantingStrategy.
        Specified by:
        isGranted in interface Acl
        Parameters:
        permission - the permission or permissions required (at least one entry required)
        sids - the security identities held by the principal (at least one entry required)
        administrativeMode - if true denotes the query is for administrative purposes and no logging or auditing (if supported by the implementation) should be undertaken
        Returns:
        true if authorization is granted
        Throws:
        UnloadedSidException - if the passed SIDs are unknown to this ACL because the ACL was only loaded for a subset of SIDs
        NotFoundException - MUST be thrown if an implementation cannot make an authoritative authorization decision, usually because there is no ACL information for this particular permission and/or SID
        See Also:
        DefaultPermissionGrantingStrategy
      • isSidLoaded

        public boolean isSidLoaded(java.util.List<Sid> sids)
        Description copied from interface: Acl
        For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system. If an Acl has been loaded and does not represent every Sid, all methods of the Acl can only be used within the limited scope of the Sid instances it actually represents.

        It is normal to load an Acl for only particular Sids if read-only authorization decisions are being made. However, if user interface reporting or modification of Acls is desired, an Acl should be loaded with all Sids. This method denotes whether the specified Sids have been loaded.

        Specified by:
        isSidLoaded in interface Acl
        Parameters:
        sids - one or more security identities the caller is interested in knowing whether this Sid supports
        Returns:
        true if every passed Sid is represented by this Acl instance
      • setOwner

        public void setOwner(Sid newOwner)
        Description copied from interface: MutableAcl
        Changes the present owner to a different owner.
        Specified by:
        setOwner in interface MutableAcl
        Specified by:
        setOwner in interface OwnershipAcl
        Parameters:
        newOwner - the new owner (mandatory; cannot be null)
      • getOwner

        public Sid getOwner()
        Description copied from interface: Acl
        Determines the owner of the Acl. The meaning of ownership varies by implementation and is unspecified.
        Specified by:
        getOwner in interface Acl
        Returns:
        the owner (may be null if the implementation does not use ownership concepts)
      • setParent

        public void setParent(Acl newParent)
        Description copied from interface: MutableAcl
        Changes the parent of this ACL.
        Specified by:
        setParent in interface MutableAcl
        Parameters:
        newParent - the new parent
      • getParentAcl

        public Acl getParentAcl()
        Description copied from interface: Acl
        A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can be accessed via this method. In turn, the parent's parent (grandparent) can be accessed and so on.

        This method solely represents the presence of a navigation hierarchy between the parent Acl and this Acl. For actual inheritance to take place, the Acl.isEntriesInheriting() must also be true.

        This method must operate correctly even if the Acl only represents a subset of Sids. The caller is responsible for correctly handling the result if only a subset of Sids is represented.

        Specified by:
        getParentAcl in interface Acl
        Returns:
        the parent Acl (may be null if this Acl does not have a parent)
      • updateAuditing

        public void updateAuditing(int aceIndex,
                                   boolean auditSuccess,
                                   boolean auditFailure)
        Specified by:
        updateAuditing in interface AuditableAcl
      • equals

        public boolean equals(java.lang.Object obj)
        Overrides:
        equals in class java.lang.Object
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object
      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object
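
The following Java program is an added example, not part of the Spring Security Javadoc. It uses the full constructor documented above to show that a parent link alone does not inherit entries (see isEntriesInheriting and getParentAcl), and it treats the NotFoundException from isGranted() as a denial. The identities (alice, bob), object types (demo.Folder, demo.File) and ROLE_ACL_ADMIN are constructed for illustration; spring-security-acl and spring-security-core are assumed to be on the classpath.

```java
import java.util.List;
import org.springframework.security.acls.domain.*;
import org.springframework.security.acls.model.*;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

public class AclInheritanceDemo {

    // Fail closed: NotFoundException means no authoritative decision could be made.
    static boolean canRead(Acl acl, List<Sid> sids) {
        try {
            return acl.isGranted(List.of(BasePermission.READ), sids, false);
        } catch (NotFoundException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // insertAce() is guarded by the AclAuthorizationStrategy, so run as the
        // ACL owner (constructed identity "alice").
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("alice", "n/a", "ROLE_USER"));
        Sid owner = new PrincipalSid("alice");
        List<Sid> bob = List.of(new PrincipalSid("bob"));

        AclAuthorizationStrategy authz = new AclAuthorizationStrategyImpl(
                new SimpleGrantedAuthority("ROLE_ACL_ADMIN"));
        PermissionGrantingStrategy granting =
                new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());

        // Parent ACL: grants READ to bob.
        AclImpl folder = new AclImpl(new ObjectIdentityImpl("demo.Folder", 1L), 1L,
                authz, granting, null, null, false, owner);
        folder.insertAce(0, BasePermission.READ, bob.get(0), true);

        // Two children with the same parent link but different entriesInheriting.
        AclImpl linkedOnly = new AclImpl(new ObjectIdentityImpl("demo.File", 10L), 10L,
                authz, granting, folder, null, false, owner);
        AclImpl inheriting = new AclImpl(new ObjectIdentityImpl("demo.File", 11L), 11L,
                authz, granting, folder, null, true, owner);

        System.out.println("folder:     " + canRead(folder, bob));
        System.out.println("linkedOnly: " + canRead(linkedOnly, bob));
        System.out.println("inheriting: " + canRead(inheriting, bob));
        SecurityContextHolder.clearContext();
    }
}
```

Only the child created with entriesInheriting set to true resolves bob's READ permission through the parent; the linked-only child has no matching entry of its own, so the check ends in NotFoundException and is denied.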