Package org.springframework.security.acls.jdbc

Class BasicLookupStrategy

  • All Implemented Interfaces:
    LookupStrategy
    public class BasicLookupStrategy
extends java.lang.Object
implements LookupStrategy
    Performs lookups in a manner that is compatible with ANSI SQL.

    NB: This implementation does attempt to provide reasonably optimised lookups - within the constraints of a normalised database and standard ANSI SQL features. If you are willing to sacrifice either of these constraints (e.g. use a particular database feature such as hierarchical queries or materalized views, or reduce normalisation) you are likely to achieve better performance. In such situations you will need to provide your own custom LookupStrategy. This class does not support subclassing, as it is likely to change in future releases and therefore subclassing is unsupported.

    There are two SQL queries executed, one in the lookupPrimaryKeys method and one in lookupObjectIdentities. These are built from the same select and "order by" clause, using a different where clause in each case. In order to use custom schema or column names, each of these SQL clauses can be customized, but they must be consistent with each other and with the expected result set generated by the the default values.

    • Field Detail

      • DEFAULT_SELECT_CLAUSE

        public static final java.lang.String DEFAULT_SELECT_CLAUSE
        See Also:
        Constant Field Values

      • DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE

        public static final java.lang.String DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE
        See Also:
        Constant Field Values

      • DEFAULT_ORDER_BY_CLAUSE

        public static final java.lang.String DEFAULT_ORDER_BY_CLAUSE
        See Also:
        Constant Field Values

    • Constructor Detail

      • BasicLookupStrategy

        public BasicLookupStrategy​(javax.sql.DataSource dataSource,
                           AclCache aclCache,
                           AclAuthorizationStrategy aclAuthorizationStrategy,
                           AuditLogger auditLogger)
        Constructor accepting mandatory arguments
        Parameters:
        dataSource - to access the database
        aclCache - the cache where fully-loaded elements can be stored
        aclAuthorizationStrategy - authorization strategy (required)

      • BasicLookupStrategy

        public BasicLookupStrategy​(javax.sql.DataSource dataSource,
                           AclCache aclCache,
                           AclAuthorizationStrategy aclAuthorizationStrategy,
                           PermissionGrantingStrategy grantingStrategy)
        Creates a new instance
        Parameters:
        dataSource - to access the database
        aclCache - the cache where fully-loaded elements can be stored
        aclAuthorizationStrategy - authorization strategy (required)
        grantingStrategy - the PermissionGrantingStrategy

    • Method Detail

      • readAclsById

        public final java.util.Map<ObjectIdentity,​Acl> readAclsById​(java.util.List<ObjectIdentity> objects,
                                                                  java.util.List<Sid> sids)
        The main method.

        WARNING: This implementation completely disregards the "sids" argument! Every item in the cache is expected to contain all SIDs. If you have serious performance needs (e.g. a very large number of SIDs per object identity), you'll probably want to develop a custom LookupStrategy implementation instead.

        The implementation works in batch sizes specified by batchSize.

        Specified by:
        readAclsById in interface LookupStrategy
        Parameters:
        objects - the identities to lookup (required)
        sids - the SIDs for which identities are required (ignored by this implementation)
        Returns:
        a Map where keys represent the ObjectIdentity of the located Acl and values are the located Acl (never null although some entries may be missing; this method should not throw NotFoundException, as a chain of LookupStrategys may be used to automatically create entries if required)

      • createSid

        protected Sid createSid​(boolean isPrincipal,
                        java.lang.String sid)
        Creates a particular implementation of Sid depending on the arguments.
        Parameters:
        sid - the name of the sid representing its unique identifier. In typical ACL database schema it's located in table acl_sid table, sid column.
        isPrincipal - whether it's a user or granted authority like role
        Returns:
        the instance of Sid with the sidName as an identifier

      • setPermissionFactory

        public final void setPermissionFactory​(PermissionFactory permissionFactory)
        Sets the PermissionFactory instance which will be used to convert loaded permission data values to Permissions. A DefaultPermissionFactory will be used by default.
        Parameters:
        permissionFactory -

      • setBatchSize

        public final void setBatchSize​(int batchSize)

      • setSelectClause

        public final void setSelectClause​(java.lang.String selectClause)
        The SQL for the select clause. If customizing in order to modify column names, schema etc, the other SQL customization fields must also be set to match.
        Parameters:
        selectClause - the select clause, which defaults to DEFAULT_SELECT_CLAUSE.

      • setLookupPrimaryKeysWhereClause

        public final void setLookupPrimaryKeysWhereClause​(java.lang.String lookupPrimaryKeysWhereClause)
        The SQL for the where clause used in the lookupPrimaryKey method.

      • setLookupObjectIdentitiesWhereClause

        public final void setLookupObjectIdentitiesWhereClause​(java.lang.String lookupObjectIdentitiesWhereClause)
        The SQL for the where clause used in the lookupObjectIdentities method.

      • setOrderByClause

        public final void setOrderByClause​(java.lang.String orderByClause)
        The SQL for the "order by" clause used in both queries.

      • setAclClassIdSupported

        public final void setAclClassIdSupported​(boolean aclClassIdSupported)

      • setConversionService

        public final void setConversionService​(org.springframework.core.convert.ConversionService conversionService)