Class AclAuthorizationStrategyImpl
java.lang.Object
org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
- All Implemented Interfaces:
AclAuthorizationStrategy
Default implementation of
AclAuthorizationStrategy
.
Permission will be granted if at least one of the following conditions is true for the current principal.
- is the owner (as defined by the ACL).
- holds the relevant system-wide
GrantedAuthority
injected into the constructor. - has
BasePermission.ADMINISTRATION
permission (as defined by the ACL).
-
Field Summary
Fields inherited from interface org.springframework.security.acls.domain.AclAuthorizationStrategy
CHANGE_AUDITING, CHANGE_GENERAL, CHANGE_OWNERSHIP
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected Sid
createCurrentUser
(Authentication authentication) Creates a principal-like sid from the authentication information.void
securityCheck
(Acl acl, int changeType) void
setRoleHierarchy
(RoleHierarchy roleHierarchy) Sets theRoleHierarchy
to use.void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.void
setSidRetrievalStrategy
(SidRetrievalStrategy sidRetrievalStrategy)
-
Constructor Details
-
AclAuthorizationStrategyImpl
Constructor. The only mandatory parameter relates to the system-wideGrantedAuthority
instances that can be held to always permit ACL changes.- Parameters:
auths
- theGrantedAuthority
s that have special permissions (index 0 is the authority needed to change ownership, index 1 is the authority needed to modify auditing details, index 2 is the authority needed to change other ACL and ACE details) (required)Alternatively, a single value can be supplied for all three permissions.
-
-
Method Details
-
securityCheck
- Specified by:
securityCheck
in interfaceAclAuthorizationStrategy
-
createCurrentUser
Creates a principal-like sid from the authentication information.- Parameters:
authentication
- the authentication information that can provide principal and thus the sid's id will be dependant on the value inside- Returns:
- a sid with the ID taken from the authentication information
-
setSidRetrievalStrategy
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setRoleHierarchy
Sets theRoleHierarchy
to use. The default is to use aNullRoleHierarchy
- Since:
- 6.4
-