Class AclImpl
- All Implemented Interfaces: Serializable, Acl, AuditableAcl, MutableAcl, OwnershipAcl
Acl.
-
Constructor Summary
Constructor - Description
AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger)
- Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).
AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, PermissionGrantingStrategy grantingStrategy, Acl parentAcl, List<Sid> loadedSids, boolean entriesInheriting, Sid owner)
- Full constructor, which should be used by persistence tools that do not provide field-level access features.
-
Method Summary
Modifier and Type, Method - Description
void deleteAce(int aceIndex)
boolean equals
getEntries
- Returns all of the entries represented by the present Acl.
getId()
- Obtains an identifier that represents this MutableAcl.
getObjectIdentity
- Obtains the domain object this Acl provides entries for.
getOwner()
- Determines the owner of the Acl.
getParentAcl
- A domain object may have a parent for the purpose of ACL inheritance.
int hashCode()
void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting)
boolean isEntriesInheriting()
- Indicates whether the ACL entries from the Acl.getParentAcl() should flow down into the current Acl.
boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode)
- Delegates to the PermissionGrantingStrategy.
boolean isSidLoaded(List<Sid> sids)
- For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system.
void setEntriesInheriting(boolean entriesInheriting)
- Change the value returned by Acl.isEntriesInheriting().
void setOwner
- Changes the present owner to a different owner.
void setParent
- Changes the parent of this ACL.
toString()
void updateAce(int aceIndex, Permission permission)
void updateAuditing(int aceIndex, boolean auditSuccess, boolean auditFailure)
-
Constructor Details
-
AclImpl
public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger)
Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).
- Parameters:
objectIdentity - the object identity this ACL relates to (required)
id - the primary key assigned to this ACL (required)
aclAuthorizationStrategy - authorization strategy (required)
auditLogger - audit logger (required)
-
AclImpl
public AclImpl(ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, PermissionGrantingStrategy grantingStrategy, Acl parentAcl, List<Sid> loadedSids, boolean entriesInheriting, Sid owner)
Full constructor, which should be used by persistence tools that do not provide field-level access features.
- Parameters:
objectIdentity - the object identity this ACL relates to
id - the primary key assigned to this ACL
aclAuthorizationStrategy - authorization strategy
grantingStrategy - the PermissionGrantingStrategy which will be used by the isGranted() method
parentAcl - the parent (may be null)
loadedSids - the loaded SIDs if only a subset were loaded (may be null)
entriesInheriting - if ACEs from the parent should inherit into this ACL
owner - the owner (required)
-
-
Method Details
-
deleteAce
- Specified by: deleteAce in interface MutableAcl
- Throws: NotFoundException
-
insertAce
public void insertAce(int atIndexLocation, Permission permission, Sid sid, boolean granting) throws NotFoundException
- Specified by: insertAce in interface MutableAcl
- Throws: NotFoundException
-
getEntries
Description copied from interface: Acl
Returns all of the entries represented by the present Acl. Entries associated with the Acl parents are not returned.
This method is typically used for administrative purposes.
The order that entries appear in the array is important for methods declared in the MutableAcl interface. Furthermore, some implementations MAY use ordering as part of advanced permission checking.
Do NOT use this method for making authorization decisions. Instead use Acl.isGranted(List, List, boolean).
This method must operate correctly even if the Acl only represents a subset of Sids. The caller is responsible for correctly handling the result if only a subset of Sids is represented.
- Specified by: getEntries in interface Acl
- Returns: the list of entries represented by the Acl, or null if there are no entries presently associated with this Acl.
-
getId
Description copied from interface: MutableAcl
Obtains an identifier that represents this MutableAcl.
- Specified by: getId in interface MutableAcl
- Returns: the identifier, or null if unsaved
-
getObjectIdentity
Description copied from interface: Acl
Obtains the domain object this Acl provides entries for. This is immutable once an Acl is created.
- Specified by: getObjectIdentity in interface Acl
- Returns: the object identity (never null)
-
isEntriesInheriting
public boolean isEntriesInheriting()
Description copied from interface: Acl
Indicates whether the ACL entries from the Acl.getParentAcl() should flow down into the current Acl.
The mere link between an Acl and a parent Acl on its own is insufficient to cause ACL entries to inherit down. This is because a domain object may wish to have entirely independent entries, but maintain the link with the parent for navigation purposes. Thus, this method denotes whether or not the navigation relationship also extends to the actual inheritance of entries.
- Specified by: isEntriesInheriting in interface Acl
- Returns: true if parent ACL entries inherit into the current Acl
-
isGranted
public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode) throws NotFoundException, UnloadedSidException
Delegates to the PermissionGrantingStrategy.
- Specified by: isGranted in interface Acl
- Parameters:
permission - the permission or permissions required (at least one entry required)
sids - the security identities held by the principal (at least one entry required)
administrativeMode - if true denotes the query is for administrative purposes and no logging or auditing (if supported by the implementation) should be undertaken
- Returns: true if authorization is granted
- Throws:
UnloadedSidException - if the passed SIDs are unknown to this ACL because the ACL was only loaded for a subset of SIDs
NotFoundException - MUST be thrown if an implementation cannot make an authoritative authorization decision, usually because there is no ACL information for this particular permission and/or SID
-
isSidLoaded
Description copied from interface: Acl
For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system. If an Acl has been loaded and does not represent every Sid, all methods of the Acl can only be used within the limited scope of the Sid instances it actually represents.
It is normal to load an Acl for only particular Sids if read-only authorization decisions are being made. However, if user interface reporting or modification of Acls is desired, an Acl should be loaded with all Sids. This method denotes whether or not the specified Sids have been loaded.
- Specified by: isSidLoaded in interface Acl
- Parameters:
sids - one or more security identities the caller is interested in knowing whether this Sid supports
- Returns: true if every passed Sid is represented by this Acl instance
-
setEntriesInheriting
public void setEntriesInheriting(boolean entriesInheriting)
Description copied from interface: MutableAcl
Change the value returned by Acl.isEntriesInheriting().
- Specified by: setEntriesInheriting in interface MutableAcl
- Parameters:
entriesInheriting - the new value
-
setOwner
Description copied from interface: MutableAcl
Changes the present owner to a different owner.
- Specified by: setOwner in interface MutableAcl
- Specified by: setOwner in interface OwnershipAcl
- Parameters:
newOwner - the new owner (mandatory; cannot be null)
-
getOwner
Description copied from interface: Acl
Determines the owner of the Acl. The meaning of ownership varies by implementation and is unspecified.
-
setParent
Description copied from interface: MutableAcl
Changes the parent of this ACL.
- Specified by: setParent in interface MutableAcl
- Parameters:
newParent - the new parent
-
getParentAcl
Description copied from interface: Acl
A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can be accessed via this method. In turn, the parent's parent (grandparent) can be accessed and so on.
This method solely represents the presence of a navigation hierarchy between the parent Acl and this Acl. For actual inheritance to take place, the Acl.isEntriesInheriting() must also be true.
This method must operate correctly even if the Acl only represents a subset of Sids. The caller is responsible for correctly handling the result if only a subset of Sids is represented.
- Specified by: getParentAcl in interface Acl
- Returns: the parent Acl (may be null if this Acl does not have a parent)
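Added example, not taken from the Spring Security documentation or code base: it exercises the isGranted, isSidLoaded, isEntriesInheriting and getParentAcl contracts described above on a parent ACL and three child ACLs built with the full constructor. It assumes spring-security-acl is on the classpath; the class name, the "Folder"/"Document" types, the ids, the principals alice and bob, and the permit-all DEMO_STRATEGY are constructed for the demonstration.

```java
import java.util.List;
import org.springframework.security.acls.domain.*;
import org.springframework.security.acls.model.*;

public class AclInheritanceDemo {

    // Constructed for this demo only: allows every ACL mutation without a SecurityContext.
    // A real application wires AclAuthorizationStrategyImpl so only owners/admins can edit ACLs.
    static final AclAuthorizationStrategy DEMO_STRATEGY = (acl, changeType) -> { };
    static final PermissionGrantingStrategy GRANTING =
            new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());

    // Uses the full constructor documented on this page; type names and ids are made up.
    static AclImpl acl(String type, Long id, Acl parent, List<Sid> loadedSids,
                       boolean entriesInheriting, Sid owner) {
        return new AclImpl(new ObjectIdentityImpl(type, id), id, DEMO_STRATEGY, GRANTING,
                parent, loadedSids, entriesInheriting, owner);
    }

    // Reports the READ decision, or the exception that signals "no authoritative answer".
    static String read(Acl acl, Sid sid) {
        try {
            return String.valueOf(acl.isGranted(List.of(BasePermission.READ), List.of(sid), false));
        } catch (NotFoundException | UnloadedSidException ex) {
            return ex.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        Sid alice = new PrincipalSid("alice");
        Sid bob = new PrincipalSid("bob");

        AclImpl folder = acl("Folder", 1L, null, null, true, alice);
        folder.insertAce(0, BasePermission.READ, alice, true);   // the only ACE lives on the parent

        AclImpl inheriting = acl("Document", 2L, folder, null, true, alice);
        AclImpl linkedOnly = acl("Document", 3L, folder, null, false, alice);
        AclImpl partial = acl("Document", 4L, folder, List.of(alice), true, alice);

        System.out.println(read(inheriting, alice)); // parent ACE flows down to the child
        System.out.println(read(linkedOnly, alice)); // parent link alone, entries not inheriting
        System.out.println(read(inheriting, bob));   // no matching ACE anywhere in the chain
        System.out.println(read(partial, bob));      // bob was not among the loaded Sids
        System.out.println(partial.isSidLoaded(List.of(alice, bob)));
    }
}
```

Callers should treat both exception types as "not granted" rather than letting them fall through to a default-allow path.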
-
updateAce
- Specified by: updateAce in interface MutableAcl
- Throws: NotFoundException
-
updateAuditing
public void updateAuditing(int aceIndex, boolean auditSuccess, boolean auditFailure)
- Specified by: updateAuditing in interface AuditableAcl
-
equals
-
hashCode
public int hashCode()
-
toString
-