java.lang.Object
↳ org.springframework.security.acls.domain.AclImpl
Base implementation of Acl.
Public Constructors |
---|
Minimal constructor, which should be used createAcl(ObjectIdentity). |
This constructor is deprecated. Use the version which takes a PermissionGrantingStrategy argument instead. |
Full constructor, which should be used by persistence tools that do not provide field-level access features. |
Public Methods |
---|
Returns all of the entries represented by the present Acl. |
Obtains an identifier that represents this MutableAcl. |
Obtains the domain object this Acl provides entries for. |
Determines the owner of the Acl. |
A domain object may have a parent for the purpose of ACL inheritance. |
Indicates whether the ACL entries from the getParentAcl() should flow down into the current Acl. |
Delegates to the PermissionGrantingStrategy. |
For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system. |
Change the value returned by isEntriesInheriting(). |
Changes the present owner to a different owner. |
Changes the parent of this ACL. |
Inherited Methods |
---|
From class java.lang.Object |
From interface org.springframework.security.acls.model.Acl |
From interface org.springframework.security.acls.model.AuditableAcl |
From interface org.springframework.security.acls.model.MutableAcl |
From interface org.springframework.security.acls.model.OwnershipAcl |
Minimal constructor, which should be used createAcl(ObjectIdentity).
Parameter | Description |
---|---|
objectIdentity | the object identity this ACL relates to (required) |
id | the primary key assigned to this ACL (required) |
aclAuthorizationStrategy | authorization strategy (required) |
auditLogger | audit logger (required) |
This constructor is deprecated. Use the version which takes a PermissionGrantingStrategy argument instead.
Full constructor, which should be used by persistence tools that do not provide field-level access features.
Parameter | Description |
---|---|
objectIdentity | the object identity this ACL relates to |
id | the primary key assigned to this ACL |
aclAuthorizationStrategy | authorization strategy |
grantingStrategy | the PermissionGrantingStrategy which will be used by the isGranted() method |
parentAcl | the parent (may be null) |
loadedSids | the loaded SIDs if only a subset were loaded (may be null) |
entriesInheriting | if ACEs from the parent should inherit into this ACL |
owner | the owner (required) |
Returns all of the entries represented by the present Acl. Entries associated with the Acl parents are not returned.
This method is typically used for administrative purposes.
The order that entries appear in the array is important for methods declared in the MutableAcl interface. Furthermore, some implementations MAY use ordering as part of advanced permission checking.
Do NOT use this method for making authorization decisions. Instead use isGranted(List, List, boolean).
This method must operate correctly even if the Acl only represents a subset of Sids. The caller is responsible for correctly handling the result if only a subset of Sids is represented.
Obtains an identifier that represents this MutableAcl.
Obtains the domain object this Acl provides entries for. This is immutable once an Acl is created.
Determines the owner of the Acl. The meaning of ownership varies by implementation and is unspecified.
A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can be accessed via this method. In turn, the parent's parent (grandparent) can be accessed and so on.
This method solely represents the presence of a navigation hierarchy between the parent Acl and this Acl. For actual inheritance to take place, the isEntriesInheriting() must also be true.
This method must operate correctly even if the Acl only represents a subset of Sids. The caller is responsible for correctly handling the result if only a subset of Sids is represented.
NotFoundException |
---|
Indicates whether the ACL entries from the getParentAcl() should flow down into the current Acl.
The mere link between an Acl and a parent Acl on its own is insufficient to cause ACL entries to inherit down. This is because a domain object may wish to have entirely independent entries, but maintain the link with the parent for navigation purposes. Thus, this method denotes whether or not the navigation relationship also extends to the actual inheritance of entries.
Delegates to the PermissionGrantingStrategy.
Parameter | Description |
---|---|
permission | the permission or permissions required (at least one entry required) |
sids | the security identities held by the principal (at least one entry required) |
administrativeMode | if true denotes the query is for administrative purposes and no logging or auditing (if supported by the implementation) should be undertaken |

Throws | Condition |
---|---|
UnloadedSidException | if the passed SIDs are unknown to this ACL because the ACL was only loaded for a subset of SIDs |
NotFoundException | |
For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system. If an Acl has been loaded and does not represent every Sid, all methods of the Acl can only be used within the limited scope of the Sid instances it actually represents.
It is normal to load an Acl for only particular Sids if read-only authorization decisions are being made. However, if user interface reporting or modification of Acls is desired, an Acl should be loaded with all Sids. This method denotes whether the specified Sids have been loaded.
Parameter | Description |
---|---|
sids | one or more security identities the caller is interested in knowing whether this Sid supports |
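
The following added example (not part of the original reference page or of Spring Security's own code) shows how isEntriesInheriting(), isGranted() and isSidLoaded() interact on an AclImpl built with the full constructor. The class name AclInheritanceDemo, the helper canRead, the object types demo.Folder and demo.Document, and the principals are hypothetical; it assumes the Spring Security ACL and core modules are on the classpath.

```java
import java.util.Arrays;
import org.springframework.security.acls.domain.*;
import org.springframework.security.acls.model.*;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

public class AclInheritanceDemo {
    // A missing ACE surfaces as NotFoundException; this demo treats it as "not granted".
    static boolean canRead(Acl acl, Sid sid) {
        try {
            return acl.isGranted(Arrays.asList(BasePermission.READ), Arrays.asList(sid), false);
        } catch (NotFoundException noMatchingAce) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Mutators are checked against the current Authentication: run as the owner "admin".
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("admin", "n/a", "ROLE_ACL_ADMIN"));
        AclAuthorizationStrategy authz =
                new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ACL_ADMIN"));
        PermissionGrantingStrategy granting =
                new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());
        Sid owner = new PrincipalSid("admin");
        Sid alice = new PrincipalSid("alice");
        Sid bob = new PrincipalSid("bob");
        // Parent ACL: the only ACE anywhere grants READ to alice.
        AclImpl folder = new AclImpl(new ObjectIdentityImpl("demo.Folder", 1L), 1L,
                authz, granting, null, null, true, owner);
        folder.insertAce(0, BasePermission.READ, alice, true);
        // Child ACL with no entries of its own, linked to the parent and inheriting.
        AclImpl doc = new AclImpl(new ObjectIdentityImpl("demo.Document", 2L), 2L,
                authz, granting, folder, null, true, owner);
        System.out.println("inheriting:     " + canRead(doc, alice));
        doc.setEntriesInheriting(false); // parent link stays, entries stop flowing down
        System.out.println("not inheriting: " + canRead(doc, alice));
        // ACL loaded for alice only: a question about bob has no answer, not a "deny".
        AclImpl partial = new AclImpl(new ObjectIdentityImpl("demo.Document", 3L), 3L,
                authz, granting, folder, Arrays.asList(alice), true, owner);
        System.out.println("bob loaded:     " + partial.isSidLoaded(Arrays.asList(bob)));
        try {
            canRead(partial, bob);
        } catch (UnloadedSidException e) {
            System.out.println("unloaded SID:   " + e.getMessage());
        }
    }
}
```

Callers that load an Acl for a subset of Sids should handle UnloadedSidException separately from NotFoundException, since the first means the decision could not be evaluated at all.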
Change the value returned by isEntriesInheriting().
Parameter | Description |
---|---|
entriesInheriting | the new value |
Changes the present owner to a different owner.
Parameter | Description |
---|---|
newOwner | the new owner (mandatory; cannot be null) |
Changes the parent of this ACL.
Parameter | Description |
---|---|
newParent | the new parent |