| java.lang.Object | |
| ↳ | org.springframework.security.acls.domain.AclImpl |
Class Overview
Base implementation of Acl.
Summary
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Minimal constructor, which should be used
createAcl(ObjectIdentity). | |||||||||||
This constructor is deprecated.
Use the version which takes a
PermissionGrantingStrategy argument instead.
| |||||||||||
Full constructor, which should be used by persistence tools that do not
provide field-level access features.
| |||||||||||
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Returns all of the entries represented by the present Acl.
| |||||||||||
Obtains an identifier that represents this MutableAcl.
| |||||||||||
Obtains the domain object this Acl provides entries for.
| |||||||||||
Determines the owner of the Acl.
| |||||||||||
A domain object may have a parent for the purpose of ACL inheritance.
| |||||||||||
Indicates whether the ACL entries from the
getParentAcl() should flow down into the current
Acl. | |||||||||||
Delegates to the
PermissionGrantingStrategy. | |||||||||||
For efficiency reasons an Acl may be loaded and not contain entries for every
Sid in the system.
| |||||||||||
Change the value returned by
isEntriesInheriting(). | |||||||||||
Changes the present owner to a different owner.
| |||||||||||
Changes the parent of this ACL.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
|
From interface
org.springframework.security.acls.model.Acl
| |||||||||||
|
From interface
org.springframework.security.acls.model.AuditableAcl
| |||||||||||
|
From interface
org.springframework.security.acls.model.MutableAcl
| |||||||||||
|
From interface
org.springframework.security.acls.model.OwnershipAcl
| |||||||||||
Public Constructors
public AclImpl (ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger)
Minimal constructor, which should be used createAcl(ObjectIdentity).
Parameters
| objectIdentity | the object identity this ACL relates to (required) |
|---|---|
| id | the primary key assigned to this ACL (required) |
| aclAuthorizationStrategy | authorization strategy (required) |
| auditLogger | audit logger (required) |
public AclImpl (ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, AuditLogger auditLogger, Acl parentAcl, List<Sid> loadedSids, boolean entriesInheriting, Sid owner)
This constructor is deprecated.
Use the version which takes a PermissionGrantingStrategy argument instead.
public AclImpl (ObjectIdentity objectIdentity, Serializable id, AclAuthorizationStrategy aclAuthorizationStrategy, PermissionGrantingStrategy grantingStrategy, Acl parentAcl, List<Sid> loadedSids, boolean entriesInheriting, Sid owner)
Full constructor, which should be used by persistence tools that do not provide field-level access features.
Parameters
| objectIdentity | the object identity this ACL relates to |
|---|---|
| id | the primary key assigned to this ACL |
| aclAuthorizationStrategy | authorization strategy |
| grantingStrategy | the PermissionGrantingStrategy which will be used by the isGranted() method |
| parentAcl | the parent (may be may be null) |
| loadedSids | the loaded SIDs if only a subset were loaded (may be null) |
| entriesInheriting | if ACEs from the parent should inherit into this ACL |
| owner | the owner (required) |
Public Methods
public List<AccessControlEntry> getEntries ()
Returns all of the entries represented by the present Acl. Entries associated with the Acl parents are not returned.
This method is typically used for administrative purposes.
The order that entries appear in the array is important for methods declared in the
MutableAcl interface. Furthermore, some implementations MAY use ordering as
part of advanced permission checking.
Do NOT use this method for making authorization decisions. Instead use isGranted(List, List, boolean).
This method must operate correctly even if the Acl only represents a subset of Sids. The caller is responsible for correctly handling the result if only a subset of Sids is represented.
Returns
- the list of entries represented by the Acl, or null if there are no entries presently associated with this Acl.
public Serializable getId ()
Obtains an identifier that represents this MutableAcl.
Returns
- the identifier, or null if unsaved
public ObjectIdentity getObjectIdentity ()
Obtains the domain object this Acl provides entries for. This is immutable once an Acl is created.
Returns
- the object identity (never null)
public Sid getOwner ()
Determines the owner of the Acl. The meaning of ownership varies by implementation and is unspecified.
Returns
- the owner (may be null if the implementation does not use ownership concepts)
public Acl getParentAcl ()
A domain object may have a parent for the purpose of ACL inheritance. If there is a parent, its ACL can be accessed via this method. In turn, the parent's parent (grandparent) can be accessed and so on.
This method solely represents the presence of a navigation hierarchy between the parent Acl and this
Acl. For actual inheritance to take place, the isEntriesInheriting() must also be
true.
This method must operate correctly even if the Acl only represents a subset of Sids. The caller is responsible for correctly handling the result if only a subset of Sids is represented.
Returns
- the parent Acl (may be null if this Acl does not have a parent)
public void insertAce (int atIndexLocation, Permission permission, Sid sid, boolean granting)
Throws
| NotFoundException |
|---|
public boolean isEntriesInheriting ()
Indicates whether the ACL entries from the getParentAcl() should flow down into the current
Acl.
The mere link between an Acl and a parent Acl on its own is insufficient to cause ACL entries to inherit down. This is because a domain object may wish to have entirely independent entries, but maintain the link with the parent for navigation purposes. Thus, this method denotes whether or not the navigation relationship also extends to the actual inheritance of entries.
Returns
- true if parent ACL entries inherit into the current Acl
public boolean isGranted (List<Permission> permission, List<Sid> sids, boolean administrativeMode)
Delegates to the PermissionGrantingStrategy.
Parameters
| permission | the permission or permissions required (at least one entry required) |
|---|---|
| sids | the security identities held by the principal (at least one entry required) |
| administrativeMode | if true denotes the query is for administrative purposes and no logging or auditing (if supported by the implementation) should be undertaken |
Returns
- true if authorization is granted
Throws
| UnloadedSidException | if the passed SIDs are unknown to this ACL because the ACL was only loaded for a subset of SIDs |
|---|---|
| NotFoundException |
See Also
public boolean isSidLoaded (List<Sid> sids)
For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system. If an Acl has been loaded and does not represent every Sid, all methods of the Acl can only be used within the limited scope of the Sid instances it actually represents.
It is normal to load an Acl for only particular Sids if read-only authorization decisions are being made. However, if user interface reporting or modification of Acls are desired, an Acl should be loaded with all Sids. This method denotes whether or not the specified Sids have been loaded or not.
Parameters
| sids | one or more security identities the caller is interest in knowing whether this Sid supports |
|---|
Returns
- true if every passed Sid is represented by this Acl instance
public void setEntriesInheriting (boolean entriesInheriting)
Change the value returned by isEntriesInheriting().
Parameters
| entriesInheriting | the new value |
|---|
public void setOwner (Sid newOwner)
Changes the present owner to a different owner.
Parameters
| newOwner | the new owner (mandatory; cannot be null) |
|---|
public void setParent (Acl newParent)
Changes the parent of this ACL.
Parameters
| newParent | the new parent |
|---|