Class JdbcMutableAclService

  • All Implemented Interfaces:
    AclService, MutableAclService

    public class JdbcMutableAclService
    extends JdbcAclService
    implements MutableAclService
    Provides a base JDBC implementation of MutableAclService.

    The default settings are for HSQLDB. If you are using a different database, you will probably need to set the sidIdentityQuery and classIdentityQuery properties appropriately. The other queries, SQL inserts and updates can also be customized to accommodate schema variations, but must produce results consistent with those expected by the defaults.

    See the appendix of the Spring Security reference manual for more information on the expected schema and how it is used. Information on using PostgreSQL is also included.

    • Constructor Detail

      • JdbcMutableAclService

        public JdbcMutableAclService​(javax.sql.DataSource dataSource,
                                     LookupStrategy lookupStrategy,
                                     AclCache aclCache)
    • Method Detail

      • createEntries

        protected void createEntries​(MutableAcl acl)
        Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
        Parameters:
        acl - containing the ACEs to insert
      • createObjectIdentity

        protected void createObjectIdentity​(ObjectIdentity object,
                                            Sid owner)
        Creates an entry in the acl_object_identity table for the passed ObjectIdentity. The Sid is also necessary, as acl_object_identity has defined the sid column as non-null.
        Parameters:
        object - to represent an acl_object_identity for
        owner - for the SID column (will be created if there is no acl_sid entry for this particular Sid already)
      • createOrRetrieveClassPrimaryKey

        protected java.lang.Long createOrRetrieveClassPrimaryKey​(java.lang.String type,
                                                                 boolean allowCreate,
                                                                 java.lang.Class idType)
        Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is true.
        Parameters:
        type - to find or create an entry for (often the fully-qualified class name)
        allowCreate - true if creation is permitted if not found
        Returns:
        the primary key or null if not found
      • createOrRetrieveSidPrimaryKey

        protected java.lang.Long createOrRetrieveSidPrimaryKey​(Sid sid,
                                                               boolean allowCreate)
        Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
        Parameters:
        sid - to find or create
        allowCreate - true if creation is permitted if not found
        Returns:
        the primary key or null if not found
        Throws:
        java.lang.IllegalArgumentException - if the Sid is not a recognized implementation.
      • createOrRetrieveSidPrimaryKey

        protected java.lang.Long createOrRetrieveSidPrimaryKey​(java.lang.String sidName,
                                                               boolean sidIsPrincipal,
                                                               boolean allowCreate)
        Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
        Parameters:
        sidName - name of Sid to find or to create
        sidIsPrincipal - whether it's a user or a granted authority such as a role
        allowCreate - true if creation is permitted if not found
        Returns:
        the primary key or null if not found
      • deleteEntries

        protected void deleteEntries​(java.lang.Long oidPrimaryKey)
        Deletes all ACEs defined in the acl_entry table belonging to the presented ObjectIdentity primary key.
        Parameters:
        oidPrimaryKey - the rows in acl_entry to delete
      • deleteObjectIdentity

        protected void deleteObjectIdentity​(java.lang.Long oidPrimaryKey)
        Deletes a single row from acl_object_identity that is associated with the presented ObjectIdentity primary key.

        We do not delete any entries from acl_class, even if no object identities are using that class any longer. This is a deadlock avoidance approach.

        Parameters:
        oidPrimaryKey - to delete the acl_object_identity
      • retrieveObjectIdentityPrimaryKey

        protected java.lang.Long retrieveObjectIdentityPrimaryKey​(ObjectIdentity oid)
        Retrieves the primary key from the acl_object_identity table for the passed ObjectIdentity. Unlike some other methods in this implementation, this method will NOT create a row (use createObjectIdentity(ObjectIdentity, Sid) instead).
        Parameters:
        oid - to find
        Returns:
        the object identity or null if not found
      • updateObjectIdentity

        protected void updateObjectIdentity​(MutableAcl acl)
        Updates an existing acl_object_identity row, with new information presented in the passed MutableAcl object. Also will create an acl_sid entry if needed for the Sid that owns the MutableAcl.
        Parameters:
        acl - to modify (a row must already exist in acl_object_identity)
        Throws:
        NotFoundException - if the ACL could not be found to update.
      • setClassIdentityQuery

        public void setClassIdentityQuery​(java.lang.String classIdentityQuery)
        Sets the query that will be used to retrieve the identity of a newly created row in the acl_class table.
        Parameters:
        classIdentityQuery - the query, which should return the identifier. Defaults to call identity()
      • setSidIdentityQuery

        public void setSidIdentityQuery​(java.lang.String sidIdentityQuery)
        Sets the query that will be used to retrieve the identity of a newly created row in the acl_sid table.
        Parameters:
        sidIdentityQuery - the query, which should return the identifier. Defaults to call identity()
      • setDeleteEntryByObjectIdentityForeignKeySql

        public void setDeleteEntryByObjectIdentityForeignKeySql​(java.lang.String deleteEntryByObjectIdentityForeignKey)
      • setDeleteObjectIdentityByPrimaryKeySql

        public void setDeleteObjectIdentityByPrimaryKeySql​(java.lang.String deleteObjectIdentityByPrimaryKey)
      • setInsertClassSql

        public void setInsertClassSql​(java.lang.String insertClass)
      • setInsertEntrySql

        public void setInsertEntrySql​(java.lang.String insertEntry)
      • setInsertObjectIdentitySql

        public void setInsertObjectIdentitySql​(java.lang.String insertObjectIdentity)
      • setInsertSidSql

        public void setInsertSidSql​(java.lang.String insertSid)
      • setClassPrimaryKeyQuery

        public void setClassPrimaryKeyQuery​(java.lang.String selectClassPrimaryKey)
      • setObjectIdentityPrimaryKeyQuery

        public void setObjectIdentityPrimaryKeyQuery​(java.lang.String selectObjectIdentityPrimaryKey)
      • setSidPrimaryKeyQuery

        public void setSidPrimaryKeyQuery​(java.lang.String selectSidPrimaryKey)
      • setUpdateObjectIdentity

        public void setUpdateObjectIdentity​(java.lang.String updateObjectIdentity)
      • setForeignKeysInDatabase

        public void setForeignKeysInDatabase​(boolean foreignKeysInDatabase)
        Parameters:
        foreignKeysInDatabase - if false, this class will perform additional FK constraint checking, which may cause deadlocks (the default is true, so deadlocks are avoided, but the database is expected to enforce FKs)
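
The class description notes that the defaults target HSQLDB and that sidIdentityQuery and classIdentityQuery usually need changing on other databases. The following is an added example, not part of the Spring Security Javadoc, showing the service wired for PostgreSQL. The class name PostgresAclConfig is hypothetical, and the identity queries assume the acl_class.id and acl_sid.id columns are serial/bigserial as in the PostgreSQL schema from the reference manual.

```java
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.acls.jdbc.JdbcMutableAclService;
import org.springframework.security.acls.jdbc.LookupStrategy;
import org.springframework.security.acls.model.AclCache;

// Added example: hypothetical configuration class, not project code.
@Configuration
public class PostgresAclConfig {

    // Assumption: acl_class.id and acl_sid.id are backed by sequences
    // (serial/bigserial), so currval() returns the id of the row just inserted
    // on the same connection. Keep these as compile-time constants: the setters
    // accept raw SQL, so nothing user-controlled should ever be concatenated in.
    static final String CLASS_IDENTITY_QUERY =
            "select currval(pg_get_serial_sequence('acl_class', 'id'))";
    static final String SID_IDENTITY_QUERY =
            "select currval(pg_get_serial_sequence('acl_sid', 'id'))";

    @Bean
    public JdbcMutableAclService aclService(DataSource dataSource,
                                            LookupStrategy lookupStrategy,
                                            AclCache aclCache) {
        JdbcMutableAclService service =
                new JdbcMutableAclService(dataSource, lookupStrategy, aclCache);

        // Replace the HSQLDB-specific default ("call identity()") for both
        // tables; setting only one leaves the other insert path broken.
        service.setClassIdentityQuery(CLASS_IDENTITY_QUERY);
        service.setSidIdentityQuery(SID_IDENTITY_QUERY);

        // Default value, stated explicitly: the service skips its own FK checks
        // and relies on the database to enforce the foreign keys between
        // acl_entry, acl_object_identity, acl_sid and acl_class.
        service.setForeignKeysInDatabase(true);
        return service;
    }
}
```

If the schema was created without foreign key constraints, leaving foreignKeysInDatabase at true means nothing stops orphaned acl_entry rows, so verify the constraints exist in the deployed schema.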