Package org.springframework.security.acls.domain

Class AclAuthorizationStrategyImpl

java.lang.Object

org.springframework.security.acls.domain.AclAuthorizationStrategyImpl

All Implemented Interfaces:

AclAuthorizationStrategy

public class AclAuthorizationStrategyImpl
extends Object
implements AclAuthorizationStrategy

Default implementation of AclAuthorizationStrategy.

Permission will be granted if at least one of the following conditions is true for the current principal.

• is the owner (as defined by the ACL).
• holds the relevant system-wide GrantedAuthority injected into the constructor.
• has BasePermission.ADMINISTRATION permission (as defined by the ACL).

Field Summary

Fields inherited from interface org.springframework.security.acls.domain.AclAuthorizationStrategy

CHANGE_AUDITING, CHANGE_GENERAL, CHANGE_OWNERSHIP

Constructor Summary

Constructors

Constructor	Description
AclAuthorizationStrategyImpl(GrantedAuthority... auths)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected Sid	createCurrentUser(Authentication authentication)	Creates a principal-like sid from the authentication information.
void	securityCheck(Acl acl, int changeType)
void	setRoleHierarchy(RoleHierarchy roleHierarchy)	Sets the RoleHierarchy to use.
void	setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)	Sets the SecurityContextHolderStrategy to use.
void	setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AclAuthorizationStrategyImpl

public AclAuthorizationStrategyImpl(GrantedAuthority... auths)

Constructor. The only mandatory parameter relates to the system-wide GrantedAuthority instances that can be held to always permit ACL changes.

Parameters:

auths - the GrantedAuthoritys that have special permissions (index 0 is the authority needed to change ownership, index 1 is the authority needed to modify auditing details, index 2 is the authority needed to change other ACL and ACE details) (required)

Alternatively, a single value can be supplied for all three permissions.

Method Details

securityCheck

public void securityCheck(Acl acl,
 int changeType)

Specified by:

securityCheck in interface AclAuthorizationStrategy

createCurrentUser

protected Sid createCurrentUser(Authentication authentication)

Creates a principal-like sid from the authentication information.

Parameters:

authentication - the authentication information that can provide principal and thus the sid's id will be dependant on the value inside

Returns:

a sid with the ID taken from the authentication information

setSidRetrievalStrategy

public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)

setSecurityContextHolderStrategy

public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)

Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.

Since:

5.8

setRoleHierarchy

public void setRoleHierarchy(RoleHierarchy roleHierarchy)

Sets the RoleHierarchy to use. The default is to use a NullRoleHierarchy

Since:

6.4