Class AclPermissionEvaluator

java.lang.Object
org.springframework.security.acls.AclPermissionEvaluator
All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean, PermissionEvaluator

public class AclPermissionEvaluator extends Object implements PermissionEvaluator
Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module. Similar in behaviour to AclEntryVoter.
Since:
3.0
  • Constructor Details

    • AclPermissionEvaluator

      public AclPermissionEvaluator(AclService aclService)
  • Method Details

    • hasPermission

      public boolean hasPermission(Authentication authentication, Object domainObject, Object permission)
      Determines whether the user has the given permission(s) on the domain object using the ACL configuration. If the domain object is null, returns false (this can always be overridden using a null check in the expression itself).
      Specified by:
      hasPermission in interface PermissionEvaluator
      Parameters:
      authentication - represents the user in question. Should not be null.
      domainObject - the domain object for which permissions should be checked. May be null, in which case implementations should return false, as the null condition can be checked explicitly in the expression.
      permission - a representation of the permission object as supplied by the expression system. Not null.
      Returns:
      true if the permission is granted, false otherwise
    • hasPermission

      public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission)
      Description copied from interface: PermissionEvaluator
      Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
      Specified by:
      hasPermission in interface PermissionEvaluator
      Parameters:
      authentication - represents the user in question. Should not be null.
      targetId - the identifier for the object instance (usually a Long)
      targetType - a String representing the target's type (usually a Java classname). Not null.
      permission - a representation of the permission object as supplied by the expression system. Not null.
      Returns:
      true if the permission is granted, false otherwise
    • setObjectIdentityRetrievalStrategy

      public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
    • setObjectIdentityGenerator

      public void setObjectIdentityGenerator(ObjectIdentityGenerator objectIdentityGenerator)
    • setSidRetrievalStrategy

      public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)
    • setPermissionFactory

      public void setPermissionFactory(PermissionFactory permissionFactory)
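
The following added example (not part of the Spring Security API documentation) shows how the two hasPermission overloads above are reached from method-security expressions, and how the null case can be handled in the expression itself. It assumes Spring Security 5.6 or later for @EnableMethodSecurity and an AclService bean defined elsewhere; the package com.example, Report, ReportService and AclMethodSecurityConfig are hypothetical names.

```java
package com.example; // assumed package; must match the targetType string used below

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.acls.AclPermissionEvaluator;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.parameters.P;

@Configuration
@EnableMethodSecurity
class AclMethodSecurityConfig {
    // Assumption: an AclService bean (for example a JDBC-backed one) exists elsewhere.
    @Bean
    static MethodSecurityExpressionHandler methodSecurityExpressionHandler(AclService aclService) {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        // Without this, hasPermission(...) expressions are not evaluated against ACLs.
        handler.setPermissionEvaluator(new AclPermissionEvaluator(aclService));
        return handler;
    }
}

// Hypothetical domain type; getId() lets the default strategy build its object identity.
class Report {
    private final Long id;
    Report(Long id) { this.id = id; }
    public Long getId() { return id; }
}

// Hypothetical secured service; an implementing Spring bean is assumed.
interface ReportService {
    // Calls hasPermission(Authentication, Object domainObject, Object permission).
    // A null #report evaluates to false, so the call is denied.
    @PreAuthorize("hasPermission(#report, 'WRITE')")
    void update(@P("report") Report report);

    // Calls hasPermission(Authentication, Serializable targetId, String targetType, Object permission):
    // the check runs before the object is loaded, using only its identifier and type name.
    @PreAuthorize("hasPermission(#id, 'com.example.Report', 'READ')")
    Report load(@P("id") Long id);

    // Explicit null check in the expression: a missing report is returned as null
    // instead of being turned into an access-denied error.
    @PostAuthorize("returnObject == null or hasPermission(returnObject, 'READ')")
    Report findOrNull(@P("id") Long id);
}
```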