org.acegisecurity.acl.basic
Class AbstractBasicAclEntry

java.lang.Object
  org.acegisecurity.acl.basic.AbstractBasicAclEntry

All Implemented Interfaces:

Serializable, AclEntry, BasicAclEntry

Direct Known Subclasses:

SimpleAclEntry

public abstract class AbstractBasicAclEntry
extends Object
implements BasicAclEntry

Abstract implementation of BasicAclEntry.

Provides core bit mask handling methods.

Version:

$Id: AbstractBasicAclEntry.java,v 1.5 2005/11/17 00:55:47 benalex Exp $

Author:

Ben Alex

See Also:

Serialized Form

Constructor Summary

protected	AbstractBasicAclEntry() A protected constructor for use by Hibernate.
	AbstractBasicAclEntry(Object recipient, AclObjectIdentity aclObjectIdentity, AclObjectIdentity aclObjectParentIdentity, int mask)

Method Summary

int	addPermission(int permissionToAdd)
int	addPermissions(int[] permissionsToAdd)
int	deletePermission(int permissionToDelete)
int	deletePermissions(int[] permissionsToDelete)
AclObjectIdentity	getAclObjectIdentity() Indicates the domain object instance that is subject of this BasicAclEntry.
AclObjectIdentity	getAclObjectParentIdentity() Indicates any ACL parent of the domain object instance.
int	getMask() Access control lists in this package are based on bit masking.
Object	getRecipient() A domain object instance will usually have multiple BasicAclEntrys.
abstract int[]	getValidPermissions() Subclasses must indicate the permissions they support.
boolean	isPermitted(int permissionToCheck) Determine if the mask of this entry includes this permission or not
protected boolean	isPermitted(int maskToCheck, int permissionToCheck)
String	printPermissionsBlock() Outputs the permissions in human-friendly format for the current AbstractBasicAclEntry's mask.
abstract String	printPermissionsBlock(int i) Outputs the permissions in a human-friendly format.
void	setAclObjectIdentity(AclObjectIdentity aclObjectIdentity) This setter should only be used by DAO implementations.
void	setAclObjectParentIdentity(AclObjectIdentity aclObjectParentIdentity) This setter should only be used by DAO implementations.
void	setMask(int mask) This setter should only be used by DAO implementations.
void	setRecipient(Object recipient) This setter should only be used by DAO implementations.
int	togglePermission(int permissionToToggle)
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

AbstractBasicAclEntry

public AbstractBasicAclEntry(Object recipient,
                             AclObjectIdentity aclObjectIdentity,
                             AclObjectIdentity aclObjectParentIdentity,
                             int mask)

AbstractBasicAclEntry

protected AbstractBasicAclEntry()

A protected constructor for use by Hibernate.

Method Detail

setAclObjectIdentity

public void setAclObjectIdentity(AclObjectIdentity aclObjectIdentity)

Description copied from interface: BasicAclEntry

This setter should only be used by DAO implementations.

Specified by:

setAclObjectIdentity in interface BasicAclEntry

Parameters:

aclObjectIdentity - an object which can be used to uniquely identify the domain object instance subject of this ACL entry

getAclObjectIdentity

public AclObjectIdentity getAclObjectIdentity()

Description copied from interface: BasicAclEntry

Indicates the domain object instance that is subject of this BasicAclEntry. This information may be of interest to relying classes (voters and business methods) that wish to know the actual origination of the ACL entry (so as to distinguish individual ACL entries from others contributed by the inheritance hierarchy).

Specified by:

getAclObjectIdentity in interface BasicAclEntry

Returns:

the ACL object identity that is subject of this ACL entry (never null)

setAclObjectParentIdentity

public void setAclObjectParentIdentity(AclObjectIdentity aclObjectParentIdentity)

Description copied from interface: BasicAclEntry

This setter should only be used by DAO implementations.

Specified by:

setAclObjectParentIdentity in interface BasicAclEntry

Parameters:

aclObjectParentIdentity - an object which represents the parent of the domain object instance subject of this ACL entry, or null if either the domain object instance has no parent or its parent should be not used to compute an inheritance hierarchy

getAclObjectParentIdentity

public AclObjectIdentity getAclObjectParentIdentity()

Description copied from interface: BasicAclEntry

Indicates any ACL parent of the domain object instance. This is used by BasicAclProvider to walk the inheritance hierarchy. An domain object instance need not have a parent.

Specified by:

getAclObjectParentIdentity in interface BasicAclEntry

Returns:

the ACL object identity that is the parent of this ACL entry (may be null if no parent should be consulted)

getValidPermissions

public abstract int[] getValidPermissions()

Subclasses must indicate the permissions they support. Each base permission should be an integer with a base 2. ie: the first permission is 2^^0 (1), the second permission is 2^^1 (2), the third permission is 2^^2 (4) etc. Each base permission should be exposed by the subclass as a public static final int. It is further recommended that valid combinations of permissions are also exposed as public static final ints.

This method returns all permission integers that are allowed to be used together. This must include any combinations of valid permissions. So if the permissions indicated by 2^^2 (4) and 2^^1 (2) can be used together, one of the integers returned by this method must be 6 (4 + 2). Otherwise attempts to set the permission will be rejected, as the final resulting mask will be rejected.

Whilst it may seem unduly time onerous to return every valid permission combination, doing so delivers maximum flexibility in ensuring ACLs only reflect logical combinations. For example, it would be inappropriate to grant a "read" and "write" permission along with an "unrestricted" permission, as the latter implies the former permissions.

Returns:

every valid combination of permissions

printPermissionsBlock

public abstract String printPermissionsBlock(int i)

Outputs the permissions in a human-friendly format. For example, this method may return "CR-D" to indicate the passed integer permits create, permits read, does not permit update, and permits delete.

Parameters:

i - the integer containing the mask which should be printed

Returns:

the human-friend formatted block

setMask

public void setMask(int mask)

Description copied from interface: BasicAclEntry

This setter should only be used by DAO implementations.

Specified by:

setMask in interface BasicAclEntry

Parameters:

mask - the integer representing the permissions bit mask

getMask

public int getMask()

Description copied from interface: BasicAclEntry

Access control lists in this package are based on bit masking. The integer value of the bit mask can be obtained from this method.

Specified by:

getMask in interface BasicAclEntry

Returns:

the bit mask applicable to this ACL entry (zero indicates a bit mask where no permissions have been granted)

isPermitted

public boolean isPermitted(int permissionToCheck)

Description copied from interface: BasicAclEntry

Determine if the mask of this entry includes this permission or not

Specified by:

isPermitted in interface BasicAclEntry

Returns:

if the entry's mask includes this permission

setRecipient

public void setRecipient(Object recipient)

Description copied from interface: BasicAclEntry

This setter should only be used by DAO implementations.

Specified by:

setRecipient in interface BasicAclEntry

Parameters:

recipient - a representation of the recipient of this ACL entry that makes sense to an EffectiveAclsResolver implementation

getRecipient

public Object getRecipient()

Description copied from interface: BasicAclEntry

A domain object instance will usually have multiple BasicAclEntrys. Each separate BasicAclEntry applies to a particular "recipient". Typical examples of recipients include (but do not necessarily have to include) usernames, role names, complex granted authorities etc.

It is essential that only one BasicAclEntry exists for a given recipient. Otherwise conflicts as to the mask that should apply to a given recipient will occur.

This method indicates which recipient this BasicAclEntry applies to. The returned object type will vary depending on the type of recipient. For instance, it might be a String containing a username, or a GrantedAuthorityImpl containing a complex granted authority that is being granted the permissions contained in this access control entry. The EffectiveAclsResolver and BasicAclProvider.getAcls(Object, Authentication) can process the different recipient types and return only those that apply to a specified Authentication object.

Specified by:

getRecipient in interface BasicAclEntry

Returns:

the recipient of this access control list entry (never null)

addPermission

public int addPermission(int permissionToAdd)

addPermissions

public int addPermissions(int[] permissionsToAdd)

deletePermission

public int deletePermission(int permissionToDelete)

deletePermissions

public int deletePermissions(int[] permissionsToDelete)

printPermissionsBlock

public String printPermissionsBlock()

Outputs the permissions in human-friendly format for the current AbstractBasicAclEntry's mask.

Returns:

the human-friendly formatted block for this instance

toString

public String toString()

Overrides:

toString in class Object

togglePermission

public int togglePermission(int permissionToToggle)

isPermitted

protected boolean isPermitted(int maskToCheck,
                              int permissionToCheck)