Class BasicLookupStrategy

java.lang.Object
org.springframework.security.acls.jdbc.BasicLookupStrategy
All Implemented Interfaces:
LookupStrategy

public class BasicLookupStrategy extends Object implements LookupStrategy
Performs lookups in a manner that is compatible with ANSI SQL.

NB: This implementation does attempt to provide reasonably optimised lookups - within the constraints of a normalised database and standard ANSI SQL features. If you are willing to sacrifice either of these constraints (e.g. use a particular database feature such as hierarchical queries or materalized views, or reduce normalisation) you are likely to achieve better performance. In such situations you will need to provide your own custom LookupStrategy. This class does not support subclassing, as it is likely to change in future releases and therefore subclassing is unsupported.

There are two SQL queries executed, one in the lookupPrimaryKeys method and one in lookupObjectIdentities. These are built from the same select and "order by" clause, using a different where clause in each case. In order to use custom schema or column names, each of these SQL clauses can be customized, but they must be consistent with each other and with the expected result set generated by the the default values.

  • Field Details

  • Constructor Details

    • BasicLookupStrategy

      public BasicLookupStrategy(DataSource dataSource, AclCache aclCache, AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger)
      Constructor accepting mandatory arguments
      Parameters:
      dataSource - to access the database
      aclCache - the cache where fully-loaded elements can be stored
      aclAuthorizationStrategy - authorization strategy (required)
    • BasicLookupStrategy

      public BasicLookupStrategy(DataSource dataSource, AclCache aclCache, AclAuthorizationStrategy aclAuthorizationStrategy, PermissionGrantingStrategy grantingStrategy)
      Creates a new instance
      Parameters:
      dataSource - to access the database
      aclCache - the cache where fully-loaded elements can be stored
      aclAuthorizationStrategy - authorization strategy (required)
      grantingStrategy - the PermissionGrantingStrategy
  • Method Details

    • readAclsById

      public final Map<ObjectIdentity,Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids)
      The main method.

      WARNING: This implementation completely disregards the "sids" argument! Every item in the cache is expected to contain all SIDs. If you have serious performance needs (e.g. a very large number of SIDs per object identity), you'll probably want to develop a custom LookupStrategy implementation instead.

      The implementation works in batch sizes specified by batchSize.

      Specified by:
      readAclsById in interface LookupStrategy
      Parameters:
      objects - the identities to lookup (required)
      sids - the SIDs for which identities are required (ignored by this implementation)
      Returns:
      a Map where keys represent the ObjectIdentity of the located Acl and values are the located Acl (never null although some entries may be missing; this method should not throw NotFoundException, as a chain of LookupStrategys may be used to automatically create entries if required)
    • createSid

      protected Sid createSid(boolean isPrincipal, String sid)
      Creates a particular implementation of Sid depending on the arguments.
      Parameters:
      sid - the name of the sid representing its unique identifier. In typical ACL database schema it's located in table acl_sid table, sid column.
      isPrincipal - whether it's a user or granted authority like role
      Returns:
      the instance of Sid with the sidName as an identifier
    • setPermissionFactory

      public final void setPermissionFactory(PermissionFactory permissionFactory)
      Sets the PermissionFactory instance which will be used to convert loaded permission data values to Permissions. A DefaultPermissionFactory will be used by default.
      Parameters:
      permissionFactory -
    • setBatchSize

      public final void setBatchSize(int batchSize)
    • setSelectClause

      public final void setSelectClause(String selectClause)
      The SQL for the select clause. If customizing in order to modify column names, schema etc, the other SQL customization fields must also be set to match.
      Parameters:
      selectClause - the select clause, which defaults to DEFAULT_SELECT_CLAUSE.
    • setLookupPrimaryKeysWhereClause

      public final void setLookupPrimaryKeysWhereClause(String lookupPrimaryKeysWhereClause)
      The SQL for the where clause used in the lookupPrimaryKey method.
    • setLookupObjectIdentitiesWhereClause

      public final void setLookupObjectIdentitiesWhereClause(String lookupObjectIdentitiesWhereClause)
      The SQL for the where clause used in the lookupObjectIdentities method.
    • setOrderByClause

      public final void setOrderByClause(String orderByClause)
      The SQL for the "order by" clause used in both queries.
    • setAclClassIdSupported

      public final void setAclClassIdSupported(boolean aclClassIdSupported)
    • setObjectIdentityGenerator

      public final void setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator)
    • setConversionService

      public final void setConversionService(org.springframework.core.convert.ConversionService conversionService)