Class AclPermissionEvaluator
java.lang.Object
org.springframework.security.acls.AclPermissionEvaluator
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,PermissionEvaluator
Used by Spring Security's expression-based access control implementation to evaluate
permissions for a particular object using the ACL module. Similar in behaviour to
AclEntryVoter
.- Since:
- 3.0
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
hasPermission
(Authentication authentication, Serializable targetId, String targetType, Object permission) Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.boolean
hasPermission
(Authentication authentication, Object domainObject, Object permission) Determines whether the user has the given permission(s) on the domain object using the ACL configuration.void
setObjectIdentityGenerator
(ObjectIdentityGenerator objectIdentityGenerator) void
setObjectIdentityRetrievalStrategy
(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) void
setPermissionFactory
(PermissionFactory permissionFactory) void
setSidRetrievalStrategy
(SidRetrievalStrategy sidRetrievalStrategy)
-
Constructor Details
-
AclPermissionEvaluator
-
-
Method Details
-
hasPermission
Determines whether the user has the given permission(s) on the domain object using the ACL configuration. If the domain object is null, returns false (this can always be overridden using a null check in the expression itself).- Specified by:
hasPermission
in interfacePermissionEvaluator
- Parameters:
authentication
- represents the user in question. Should not be null.domainObject
- the domain object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.permission
- a representation of the permission object as supplied by the expression system. Not null.- Returns:
- true if the permission is granted, false otherwise
-
hasPermission
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) Description copied from interface:PermissionEvaluator
Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.- Specified by:
hasPermission
in interfacePermissionEvaluator
- Parameters:
authentication
- represents the user in question. Should not be null.targetId
- the identifier for the object instance (usually a Long)targetType
- a String representing the target's type (usually a Java classname). Not null.permission
- a representation of the permission object as supplied by the expression system. Not null.- Returns:
- true if the permission is granted, false otherwise
-
setObjectIdentityRetrievalStrategy
public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) -
setObjectIdentityGenerator
-
setSidRetrievalStrategy
-
setPermissionFactory
-