Class JdbcMutableAclService
- java.lang.Object
  - org.springframework.security.acls.jdbc.JdbcAclService
    - org.springframework.security.acls.jdbc.JdbcMutableAclService
- All Implemented Interfaces: AclService, MutableAclService

public class JdbcMutableAclService extends JdbcAclService implements MutableAclService
Provides a base JDBC implementation of MutableAclService.

The default settings are for HSQLDB. If you are using a different database you will probably need to set the sidIdentityQuery and classIdentityQuery properties appropriately. The other queries, SQL inserts and updates can also be customized to accommodate schema variations, but must produce results consistent with those expected by the defaults.

See the appendix of the Spring Security reference manual for more information on the expected schema and how it is used. Information on using PostgreSQL is also included.
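
The following configuration is an added example, not taken from this Javadoc page, showing the two identity queries overridden for PostgreSQL. It assumes the acl_class and acl_sid tables use serial id columns as in the reference manual's PostgreSQL schema; the class name PostgresAclConfig, the authority ROLE_ACL_ADMIN and the cache name aclCache are hypothetical.

```java
import javax.sql.DataSource;

import org.springframework.cache.concurrent.ConcurrentMapCache;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.acls.domain.AclAuthorizationStrategy;
import org.springframework.security.acls.domain.AclAuthorizationStrategyImpl;
import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
import org.springframework.security.acls.domain.SpringCacheBasedAclCache;
import org.springframework.security.acls.jdbc.BasicLookupStrategy;
import org.springframework.security.acls.jdbc.JdbcMutableAclService;
import org.springframework.security.acls.jdbc.LookupStrategy;
import org.springframework.security.acls.model.AclCache;
import org.springframework.security.acls.model.PermissionGrantingStrategy;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

@Configuration
public class PostgresAclConfig {

    @Bean
    public JdbcMutableAclService aclService(DataSource dataSource) {
        // Hypothetical authority: holders may administer ACLs they do not own.
        // Keep this role narrow, since it bypasses per-object ownership checks.
        AclAuthorizationStrategy authz =
                new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ACL_ADMIN"));
        PermissionGrantingStrategy granting =
                new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());
        AclCache cache = new SpringCacheBasedAclCache(
                new ConcurrentMapCache("aclCache"), granting, authz);
        LookupStrategy lookup = new BasicLookupStrategy(dataSource, cache, authz, granting);

        JdbcMutableAclService service = new JdbcMutableAclService(dataSource, lookup, cache);
        // The HSQLDB default ("call identity()") does not exist on PostgreSQL, so
        // read the id of the row just inserted from the column's backing sequence.
        service.setClassIdentityQuery("select currval(pg_get_serial_sequence('acl_class', 'id'))");
        service.setSidIdentityQuery("select currval(pg_get_serial_sequence('acl_sid', 'id'))");
        return service;
    }
}
```
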

Field Summary
Fields inherited from class org.springframework.security.acls.jdbc.JdbcAclService
jdbcOperations, log

Constructor Summary
- JdbcMutableAclService(javax.sql.DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache)

Method Summary
- MutableAcl createAcl(ObjectIdentity objectIdentity)
  Creates an empty Acl object in the database.
- protected void createEntries(MutableAcl acl)
  Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
- protected void createObjectIdentity(ObjectIdentity object, Sid owner)
  Creates an entry in the acl_object_identity table for the passed ObjectIdentity.
- protected java.lang.Long createOrRetrieveClassPrimaryKey(java.lang.String type, boolean allowCreate, java.lang.Class idType)
  Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is true.
- protected java.lang.Long createOrRetrieveSidPrimaryKey(java.lang.String sidName, boolean sidIsPrincipal, boolean allowCreate)
  Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
- protected java.lang.Long createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate)
  Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
- void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren)
  Removes the specified entry from the database.
- protected void deleteEntries(java.lang.Long oidPrimaryKey)
  Deletes all ACEs defined in the acl_entry table belonging to the presented ObjectIdentity primary key.
- protected void deleteObjectIdentity(java.lang.Long oidPrimaryKey)
  Deletes a single row from acl_object_identity that is associated with the presented ObjectIdentity primary key.
- protected java.lang.Long retrieveObjectIdentityPrimaryKey(ObjectIdentity oid)
  Retrieves the primary key from the acl_object_identity table for the passed ObjectIdentity.
- void setAclClassIdSupported(boolean aclClassIdSupported)
- void setClassIdentityQuery(java.lang.String classIdentityQuery)
  Sets the query that will be used to retrieve the identity of a newly created row in the acl_class table.
- void setClassPrimaryKeyQuery(java.lang.String selectClassPrimaryKey)
- void setDeleteEntryByObjectIdentityForeignKeySql(java.lang.String deleteEntryByObjectIdentityForeignKey)
- void setDeleteObjectIdentityByPrimaryKeySql(java.lang.String deleteObjectIdentityByPrimaryKey)
- void setForeignKeysInDatabase(boolean foreignKeysInDatabase)
- void setInsertClassSql(java.lang.String insertClass)
- void setInsertEntrySql(java.lang.String insertEntry)
- void setInsertObjectIdentitySql(java.lang.String insertObjectIdentity)
- void setInsertSidSql(java.lang.String insertSid)
- void setObjectIdentityPrimaryKeyQuery(java.lang.String selectObjectIdentityPrimaryKey)
- void setSidIdentityQuery(java.lang.String sidIdentityQuery)
  Sets the query that will be used to retrieve the identity of a newly created row in the acl_sid table.
- void setSidPrimaryKeyQuery(java.lang.String selectSidPrimaryKey)
- void setUpdateObjectIdentity(java.lang.String updateObjectIdentity)
- MutableAcl updateAcl(MutableAcl acl)
  This implementation will simply delete all ACEs in the database and recreate them on each invocation of this method.
- protected void updateObjectIdentity(MutableAcl acl)
  Updates an existing acl_object_identity row, with new information presented in the passed MutableAcl object.

Methods inherited from class org.springframework.security.acls.jdbc.JdbcAclService
findChildren, isAclClassIdSupported, readAclById, readAclById, readAclsById, readAclsById, setConversionService, setFindChildrenQuery, setObjectIdentityGenerator

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.acls.model.AclService
findChildren, readAclById, readAclById, readAclsById, readAclsById

Constructor Detail

JdbcMutableAclService
public JdbcMutableAclService(javax.sql.DataSource dataSource, LookupStrategy lookupStrategy, AclCache aclCache)

Method Detail

createAcl
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException
Description copied from interface: MutableAclService
Creates an empty Acl object in the database. It will have no entries. The returned object will then be used to add entries.
- Specified by: createAcl in interface MutableAclService
- Parameters:
  objectIdentity - the object identity to create
- Returns: an ACL object with its ID set
- Throws:
  AlreadyExistsException - if the passed object identity already has a record

createEntries
protected void createEntries(MutableAcl acl)
Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
- Parameters:
  acl - containing the ACEs to insert

createObjectIdentity
protected void createObjectIdentity(ObjectIdentity object, Sid owner)
Creates an entry in the acl_object_identity table for the passed ObjectIdentity. The Sid is also necessary, as acl_object_identity has defined the sid column as non-null.
- Parameters:
  object - to represent an acl_object_identity for
  owner - for the SID column (will be created if there is no acl_sid entry for this particular Sid already)

createOrRetrieveClassPrimaryKey
protected java.lang.Long createOrRetrieveClassPrimaryKey(java.lang.String type, boolean allowCreate, java.lang.Class idType)
Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is true.
- Parameters:
  type - to find or create an entry for (often the fully-qualified class name)
  allowCreate - true if creation is permitted if not found
- Returns: the primary key or null if not found

createOrRetrieveSidPrimaryKey
protected java.lang.Long createOrRetrieveSidPrimaryKey(Sid sid, boolean allowCreate)
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
- Parameters:
  sid - to find or create
  allowCreate - true if creation is permitted if not found
- Returns: the primary key or null if not found
- Throws:
  java.lang.IllegalArgumentException - if the Sid is not a recognized implementation.

createOrRetrieveSidPrimaryKey
protected java.lang.Long createOrRetrieveSidPrimaryKey(java.lang.String sidName, boolean sidIsPrincipal, boolean allowCreate)
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
- Parameters:
  sidName - name of Sid to find or to create
  sidIsPrincipal - whether it's a user or granted authority like role
  allowCreate - true if creation is permitted if not found
- Returns: the primary key or null if not found

deleteAcl
public void deleteAcl(ObjectIdentity objectIdentity, boolean deleteChildren) throws ChildrenExistException
Description copied from interface: MutableAclService
Removes the specified entry from the database.
- Specified by: deleteAcl in interface MutableAclService
- Parameters:
  objectIdentity - the object identity to remove
  deleteChildren - whether to cascade the delete to children
- Throws:
  ChildrenExistException - if the deleteChildren argument was false but children exist

deleteEntries
protected void deleteEntries(java.lang.Long oidPrimaryKey)
Deletes all ACEs defined in the acl_entry table belonging to the presented ObjectIdentity primary key.
- Parameters:
  oidPrimaryKey - the rows in acl_entry to delete

deleteObjectIdentity
protected void deleteObjectIdentity(java.lang.Long oidPrimaryKey)
Deletes a single row from acl_object_identity that is associated with the presented ObjectIdentity primary key.
We do not delete any entries from acl_class, even if no classes are using that class any longer. This is a deadlock avoidance approach.
- Parameters:
  oidPrimaryKey - to delete the acl_object_identity

retrieveObjectIdentityPrimaryKey
protected java.lang.Long retrieveObjectIdentityPrimaryKey(ObjectIdentity oid)
Retrieves the primary key from the acl_object_identity table for the passed ObjectIdentity. Unlike some other methods in this implementation, this method will NOT create a row (use createObjectIdentity(ObjectIdentity, Sid) instead).
- Parameters:
  oid - to find
- Returns: the object identity or null if not found

updateAcl
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException
This implementation will simply delete all ACEs in the database and recreate them on each invocation of this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM capabilities for create, update and delete operations of MutableAcl.
- Specified by: updateAcl in interface MutableAclService
- Parameters:
  acl - to modify
- Throws:
  NotFoundException - if the relevant record could not be found (did you remember to use MutableAclService.createAcl(ObjectIdentity) to create the object, rather than creating it with the new keyword?)
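
The following caller is an added example, not part of this Javadoc page. It shows the create-then-update sequence that avoids the NotFoundException described above, and it skips updateAcl when the grant already exists, since every call rewrites all ACEs for the object. The class DocumentAclManager and its grant method are hypothetical.

```java
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.transaction.annotation.Transactional;

public class DocumentAclManager {

    private final MutableAclService aclService;

    public DocumentAclManager(MutableAclService aclService) {
        this.aclService = aclService;
    }

    // One transaction around the whole change: updateAcl deletes and re-inserts
    // every ACE, so a partial failure must roll back to the previous entries.
    @Transactional
    public void grant(String type, Long id, String username, Permission permission) {
        ObjectIdentity oid = new ObjectIdentityImpl(type, id);
        MutableAcl acl;
        try {
            acl = (MutableAcl) aclService.readAclById(oid);
        } catch (NotFoundException notFound) {
            // Obtain the ACL from the service, never via "new": only createAcl
            // writes the acl_object_identity row that updateAcl later requires.
            acl = aclService.createAcl(oid);
        }

        Sid sid = new PrincipalSid(username);
        boolean alreadyGranted = acl.getEntries().stream()
                .anyMatch(ace -> ace.isGranting()
                        && ace.getSid().equals(sid)
                        && ace.getPermission().equals(permission));
        if (!alreadyGranted) {
            // Append at the end so earlier entries keep their evaluation order.
            acl.insertAce(acl.getEntries().size(), permission, sid, true);
            aclService.updateAcl(acl);
        }
    }
}
```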

updateObjectIdentity
protected void updateObjectIdentity(MutableAcl acl)
Updates an existing acl_object_identity row, with new information presented in the passed MutableAcl object. Also will create an acl_sid entry if needed for the Sid that owns the MutableAcl.
- Parameters:
  acl - to modify (a row must already exist in acl_object_identity)
- Throws:
  NotFoundException - if the ACL could not be found to update.

setClassIdentityQuery
public void setClassIdentityQuery(java.lang.String classIdentityQuery)
Sets the query that will be used to retrieve the identity of a newly created row in the acl_class table.
- Parameters:
  classIdentityQuery - the query, which should return the identifier. Defaults to call identity()

setSidIdentityQuery
public void setSidIdentityQuery(java.lang.String sidIdentityQuery)
Sets the query that will be used to retrieve the identity of a newly created row in the acl_sid table.
- Parameters:
  sidIdentityQuery - the query, which should return the identifier. Defaults to call identity()

setDeleteEntryByObjectIdentityForeignKeySql
public void setDeleteEntryByObjectIdentityForeignKeySql(java.lang.String deleteEntryByObjectIdentityForeignKey)

setDeleteObjectIdentityByPrimaryKeySql
public void setDeleteObjectIdentityByPrimaryKeySql(java.lang.String deleteObjectIdentityByPrimaryKey)

setInsertClassSql
public void setInsertClassSql(java.lang.String insertClass)

setInsertEntrySql
public void setInsertEntrySql(java.lang.String insertEntry)

setInsertObjectIdentitySql
public void setInsertObjectIdentitySql(java.lang.String insertObjectIdentity)

setInsertSidSql
public void setInsertSidSql(java.lang.String insertSid)

setClassPrimaryKeyQuery
public void setClassPrimaryKeyQuery(java.lang.String selectClassPrimaryKey)

setObjectIdentityPrimaryKeyQuery
public void setObjectIdentityPrimaryKeyQuery(java.lang.String selectObjectIdentityPrimaryKey)

setSidPrimaryKeyQuery
public void setSidPrimaryKeyQuery(java.lang.String selectSidPrimaryKey)

setUpdateObjectIdentity
public void setUpdateObjectIdentity(java.lang.String updateObjectIdentity)

setForeignKeysInDatabase
public void setForeignKeysInDatabase(boolean foreignKeysInDatabase)
- Parameters:
  foreignKeysInDatabase - if false this class will perform additional FK constraint checking, which may cause deadlocks (the default is true, so deadlocks are avoided but the database is expected to enforce FKs)

setAclClassIdSupported
public void setAclClassIdSupported(boolean aclClassIdSupported)
- Overrides: setAclClassIdSupported in class JdbcAclService