16 package org.acegisecurity.acl.basic;
17
18 import org.acegisecurity.Authentication;
19 import org.acegisecurity.acl.AclEntry;
20
21
/**
 * Strategy for working out which ACL entries are effective for a given
 * <code>Authentication</code> object.
 *
 * <p>
 * How an implementation does this depends on which "recipient" object types
 * held by {@link BasicAclEntry} instances it is able to interpret, and on how
 * it maps those recipient types onto the principals and granted authorities
 * presented by the <code>Authentication</code>.
 * </p>
 *
 * <p>
 * Implementations should not strip lower-order permissions out of the result.
 * If the effective ACLs for the different granted authorities held by the
 * <code>Authentication</code> yield a "read" permission, an "unlimited"
 * permission and a "zero" permission, all three are returned as distinct
 * <code>BasicAclEntry</code> instances. The returned array is therefore a
 * list of applicable entries, not an access decision: the relying classes
 * (voters and business methods) are responsible for ignoring or handling
 * lower-order permissions according to their own business logic.
 * </p>
 *
 * @author Ben Alex
 * @version $Id: EffectiveAclsResolver.java,v 1.2 2005/11/17 00:55:47 benalex Exp $
 */
public interface EffectiveAclsResolver {

    /**
     * Selects, from every ACL attached to a domain object instance, the
     * entries that apply to the presented <code>Authentication</code> object.
     *
     * <p>
     * The result may be <code>null</code>, so callers need a null check
     * before iterating over it.
     * </p>
     *
     * @param allAcls every ACL assigned to a domain object instance
     * @param filteredBy the principal (populated with
     *        <code>GrantedAuthority</code>s along with any other members that
     *        relate to role or group membership) that effective ACLs should
     *        be returned for
     *
     * @return the ACLs that apply to the presented principal, or
     *         <code>null</code> if there are none after filtering
     */
    AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy);
}