Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.acl.basic
Class BasicAclProvider

java.lang.Object
  extended by org.acegisecurity.acl.basic.BasicAclProvider
All Implemented Interfaces:
AclProvider, InitializingBean
public class BasicAclProvider
extends Object
implements AclProvider, InitializingBean

Retrieves access control lists (ACL) entries for domain object instances from a data access object (DAO).

This implementation will provide ACL lookup services for any object that it can determine the AclObjectIdentity for by calling the obtainIdentity(Object) method. Subclasses can override this method if they only want the BasicAclProvider responding to particular domain object instances.

BasicAclProvider will walk an inheritance hierarchy if a BasicAclEntry returned by the DAO indicates it has a parent. NB: inheritance occurs at a domain instance object level. It does not occur at an ACL recipient level. This means allBasicAclEntrys for a given domain instance object must have the same parent identity, or allBasicAclEntrys must have null as their parent identity.

A cache should be used. This is provided by the BasicAclEntryCache. BasicAclProvider by default is setup to use the NullAclEntryCache, which performs no caching.

To implement the getAcls(Object, Authentication) method, BasicAclProvider requires a EffectiveAclsResolver to be configured against it. By default the GrantedAuthorityEffectiveAclsResolver is used.

Version:
$Id: BasicAclProvider.java,v 1.5 2005/11/17 00:55:47 benalex Exp $
Author:
Ben Alex

Constructor Summary
BasicAclProvider()
           
 
Method Summary
 void afterPropertiesSet()
           
 AclEntry[] getAcls(Object domainInstance)
          Obtains the ACLs that apply to the specified domain instance.
 AclEntry[] getAcls(Object domainInstance, Authentication authentication)
          Obtains the ACLs that apply to the specified domain instance and presented Authentication object.
 BasicAclDao getBasicAclDao()
           
 BasicAclEntryCache getBasicAclEntryCache()
           
 Class getDefaultAclObjectIdentityClass()
           
 EffectiveAclsResolver getEffectiveAclsResolver()
           
 Class getRestrictSupportToClass()
           
protected  AclObjectIdentity obtainIdentity(Object domainInstance)
          This method looks up the AclObjectIdentity of a passed domain object instance.
 void setBasicAclDao(BasicAclDao basicAclDao)
           
 void setBasicAclEntryCache(BasicAclEntryCache basicAclEntryCache)
           
 void setDefaultAclObjectIdentityClass(Class defaultAclObjectIdentityClass)
          Allows selection of the AclObjectIdentity class that an attempt should be made to construct if the passed object does not implement AclObjectIdentityAware.
 void setEffectiveAclsResolver(EffectiveAclsResolver effectiveAclsResolver)
           
 void setRestrictSupportToClass(Class restrictSupportToClass)
          If set to a value other than null, the supports(Object) method will only support the indicates class.
 boolean supports(Object domainInstance)
          Indicates support for the passed object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicAclProvider

public BasicAclProvider()
Method Detail

getAcls

public AclEntry[] getAcls(Object domainInstance)
Description copied from interface: AclProvider
Obtains the ACLs that apply to the specified domain instance.

Will never be called unless the AclProvider.supports(Object) method returned true.

Specified by:
getAcls in interface AclProvider
Parameters:
domainInstance - the instance for which ACL information is required (never null)
Returns:
the ACLs that apply, or null if no ACLs apply to the specified domain instance

getAcls

public AclEntry[] getAcls(Object domainInstance,
                          Authentication authentication)
Description copied from interface: AclProvider
Obtains the ACLs that apply to the specified domain instance and presented Authentication object.

Will never be called unless the AclProvider.supports(Object) method returned true.

Specified by:
getAcls in interface AclProvider
Parameters:
domainInstance - the instance for which ACL information is required (never null)
authentication - the prncipal for which ACL information should be filtered (never null)
Returns:
only those ACLs applying to the domain instance that have been granted to the principal (or null) if no such ACLs are found

setBasicAclDao

public void setBasicAclDao(BasicAclDao basicAclDao)

getBasicAclDao

public BasicAclDao getBasicAclDao()

setBasicAclEntryCache

public void setBasicAclEntryCache(BasicAclEntryCache basicAclEntryCache)

getBasicAclEntryCache

public BasicAclEntryCache getBasicAclEntryCache()

setDefaultAclObjectIdentityClass

public void setDefaultAclObjectIdentityClass(Class defaultAclObjectIdentityClass)
Allows selection of the AclObjectIdentity class that an attempt should be made to construct if the passed object does not implement AclObjectIdentityAware.

NB: Any defaultAclObjectIdentityClassmust provide a public constructor that accepts an Object. Otherwise it is not possible for the BasicAclProvider to try to create the AclObjectIdentity instance at runtime.

Parameters:
defaultAclObjectIdentityClass -

getDefaultAclObjectIdentityClass

public Class getDefaultAclObjectIdentityClass()

setEffectiveAclsResolver

public void setEffectiveAclsResolver(EffectiveAclsResolver effectiveAclsResolver)

getEffectiveAclsResolver

public EffectiveAclsResolver getEffectiveAclsResolver()

setRestrictSupportToClass

public void setRestrictSupportToClass(Class restrictSupportToClass)
If set to a value other than null, the supports(Object) method will only support the indicates class. This is useful if you wish to wire multiple BasicAclProviders in a list of AclProviderManager.providers but only have particular instances respond to particular domain object types.

Parameters:
restrictSupportToClass - the class to restrict this BasicAclProvider to service request for, or null (the default) if the BasicAclProvider should respond to every class presented

getRestrictSupportToClass

public Class getRestrictSupportToClass()

afterPropertiesSet

public void afterPropertiesSet()
Specified by:
afterPropertiesSet in interface InitializingBean

supports

public boolean supports(Object domainInstance)
Indicates support for the passed object.

An object will only be supported if it (i) is allowed to be supported as defined by the setRestrictSupportToClass(Class) method, and (ii) if an AclObjectIdentity is returned by obtainIdentity(Object) for that object.

Specified by:
supports in interface AclProvider
Parameters:
domainInstance - the instance to check
Returns:
true if this provider supports the passed object, false otherwise

obtainIdentity

protected AclObjectIdentity obtainIdentity(Object domainInstance)
This method looks up the AclObjectIdentity of a passed domain object instance.

This implementation attempts to obtain the AclObjectIdentity via reflection inspection of the class for the AclObjectIdentityAware interface. If this fails, an attempt is made to construct a getDefaultAclObjectIdentityClass() object by passing the domain instance object into its constructor.

Parameters:
domainInstance - the domain object instance (never null)
Returns:
an ACL object identity, or null if one could not be obtained
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2005 Acegi Technology Pty Limited. All Rights Reserved.