Class ACLProviderImpl
- java.lang.Object
  - org.jboss.security.acl.ACLProviderImpl
- All Implemented Interfaces: ACLProvider
- Direct Known Subclasses: RoleBasedACLProviderImpl

public class ACLProviderImpl extends Object implements ACLProvider

This class is the standard ACLProvider implementation. The access control decisions are based on the name of the specified identity (that is, it assumes that entries in an ACL are keyed by the name of the identity and not by other attributes, like its roles).
- Author: Stefan Guilhen
-
Field Summary
- protected ACLPersistenceStrategy strategy: persistence strategy used to retrieve the ACLs

Constructor Summary
- ACLProviderImpl()

Method Summary
- protected void fillEntitlements(Set<EntitlementEntry> entitlements, Resource resource, String identityName, ACLPermission permission): Helper method that populates the entitlements collection as it traverses through the resources.
- <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity): For a given Resource and an Identity, return all the entitlements. E.g., a portal page can consist of, say, 10 components such as windows, subpages, etc.
- protected ACLPermission getInitialPermissions(Resource resource, String identityName): This method retrieves the permissions the specified identity has over the specified resource.
- ACLPersistenceStrategy getPersistenceStrategy(): Obtains the ACLPersistenceStrategy associated with this provider.
- void initialize(Map<String,Object> sharedState, Map<String,Object> options): Initialize the provider
- boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission): Checks if the given identity has the permissions needed to access the specified resource.
- protected Class<?> loadClass(String name): Loads the specified class using a PrivilegedExceptionAction.
- void setPersistenceStrategy(ACLPersistenceStrategy persistenceStrategy): Sets the persistence strategy to be used by this provider.
- boolean tearDown(): Give an opportunity for the provider to finalize the operations
-
Field Detail
-
strategy
protected ACLPersistenceStrategy strategy
persistence strategy used to retrieve the ACLs
-
Method Detail
-
initialize
public void initialize(Map<String,Object> sharedState, Map<String,Object> options)
Description copied from interface: ACLProvider
Initialize the provider
- Specified by: initialize in interface ACLProvider
- Parameters:
  sharedState - Shared State
  options - Options
-
getEntitlements
public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity) throws AuthorizationException
Description copied from interface: ACLProvider
For a given Resource and an Identity, return all the entitlements. E.g., a portal page can consist of, say, 10 components such as windows, subpages, etc. Now the portal page can be the resource and, for a given identity, the entitlements would be the subset of these 10 components to which the identity has access.
- Specified by: getEntitlements in interface ACLProvider
- Returns:
- Throws: AuthorizationException
-
fillEntitlements
protected void fillEntitlements(Set<EntitlementEntry> entitlements, Resource resource, String identityName, ACLPermission permission)
Helper method that populates the entitlements collection as it traverses through the resources. The resources are visited using a depth-first search algorithm, and when each node is visited one of the following happens:
- an ACL for the resource is located and there is an entry for the identity - the permissions assigned to the identity are used to construct the EntitlementEntry object and this object is added to the collection. The method is then called recursively for each one of the resource's children passing the permissions that were extracted from the ACL.
- an ACL for the resource is found, but there is no entry for the identity - this means the identity doesn't have any permissions regarding the specified resource. Thus, no EntitlementEntry object is constructed and the method simply returns. No child resources are processed as it is assumed that the identity doesn't have the right to do anything in the resource's subtree.
- no ACL is found - this means that the resource itself is not protected by any ACL. We assume that if a parent resource has an ACL, then the permissions assigned to the parent's ACL should be used.

- Parameters:
  entitlements - a reference for the collection of EntitlementEntry objects that is being constructed.
  resource - the Resource being visited.
  identityName - a String representing the identity for which the entitlements are being built.
  permission - the ACLPermission to be used in case no ACL is found for the resource being visited.
-
getInitialPermissions
protected ACLPermission getInitialPermissions(Resource resource, String identityName)
This method retrieves the permissions the specified identity has over the specified resource. It starts by looking for the resource's ACL. If one is found and if the ACL has an entry for the identity, the respective permissions are returned. If no entry is found, we assume the identity hasn't been assigned any permissions and null is returned.

If the resource doesn't have an associated ACL, we start looking for an ACL in the parent resource recursively, until an ACL is located or until no parent resource is found. In the first case, the algorithm described above is used to return the identity's permissions. In the latter case, we return all permissions (lack of an ACL means that the resource is not protected and the user should be granted all permissions).
- Parameters:
  resource - the Resource for which we want to discover the permissions that have been assigned to the specified identity.
  identityName - a String representing the identity for which we want to discover the permissions regarding the specified resource.
- Returns: an ACLPermission containing the permissions that have been assigned to the identity with respect to the specified resource, or null if the identity has no permissions at all.
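The resolution rules documented for fillEntitlements and getInitialPermissions, modelled as a self-contained added example (not the library's own code): Node, the int permission masks and ALL are hypothetical stand-ins for Resource, ACL and ACLPermission. It exercises the two outcomes worth auditing in a deployment: an ACL with no entry for the identity hides the whole subtree, while a resource with no ACL anywhere above it resolves to all permissions.

```java
import java.util.*;
// Simplified model of the documented rules; Node, ALL and the int bitmasks are
// hypothetical stand-ins, not the real Resource/ACL/ACLPermission types.
public class AclResolutionModel {
    static final int READ = 1, UPDATE = 2, ALL = 0xF;

    static class Node {
        final String name; final Node parent;
        final List<Node> children = new ArrayList<>();
        Map<String, Integer> acl;               // null = resource has no ACL
        Node(String name, Node parent) {
            this.name = name; this.parent = parent;
            if (parent != null) parent.children.add(this);
        }
    }

    // Mirrors getInitialPermissions: the nearest ACL on the path to the root decides.
    static Integer initialPermissions(Node r, String identity) {
        for (Node n = r; n != null; n = n.parent)
            if (n.acl != null) return n.acl.get(identity); // null when no entry
        return ALL;                              // no ACL anywhere: all permissions
    }

    // Mirrors fillEntitlements: depth-first, pruning at an ACL that lacks an entry.
    // Assumption: a node without its own ACL is recorded with the inherited permission.
    static void fill(Map<String, Integer> out, Node r, String identity, Integer inherited) {
        Integer perm = inherited;
        if (r.acl != null) {
            perm = r.acl.get(identity);
            if (perm == null) return;            // children are never visited
        }
        out.put(r.name, perm);
        for (Node c : r.children) fill(out, c, identity, perm);
    }

    public static void main(String[] args) {
        Node page = new Node("page", null);
        Node window = new Node("window", page);      // no ACL: inherits from page
        Node admin = new Node("adminPanel", page);   // ACL without an entry for alice
        Node button = new Node("resetButton", admin);
        Node orphan = new Node("unprotected", null); // no ACL on it or above it
        page.acl = Map.of("alice", READ | UPDATE);   // constructed sample ACLs
        admin.acl = Map.of("bob", ALL);
        Map<String, Integer> ent = new LinkedHashMap<>();
        Integer start = initialPermissions(page, "alice");
        if (start != null) fill(ent, page, "alice", start);
        System.out.println(ent + " " + initialPermissions(button, "alice")
                + " " + initialPermissions(orphan, "alice"));
    }
}
```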
-
getPersistenceStrategy
public ACLPersistenceStrategy getPersistenceStrategy()
Description copied from interface: ACLProvider
Obtains the ACLPersistenceStrategy associated with this provider.
- Specified by: getPersistenceStrategy in interface ACLProvider
- Returns: a reference to the ACLPersistenceStrategy used by this provider.
-
setPersistenceStrategy
public void setPersistenceStrategy(ACLPersistenceStrategy persistenceStrategy)
Description copied from interface: ACLProvider
Sets the persistence strategy to be used by this provider.
- Specified by: setPersistenceStrategy in interface ACLProvider
- Parameters:
  persistenceStrategy - a reference to the ACLPersistenceStrategy to be used.
-
isAccessGranted
public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission) throws AuthorizationException
Description copied from interface: ACLProvider
Checks if the given identity has the permissions needed to access the specified resource. This involves finding the ACL associated with the resource and consulting the ACL to determine if access should be granted or not to the identity.
- Specified by: isAccessGranted in interface ACLProvider
- Parameters:
  resource - the Resource being accessed.
  identity - the Identity trying to access the resource.
  permission - the permissions needed to access the resource.
- Returns: true if the identity has enough permissions to access the resource; false otherwise.
- Throws: AuthorizationException - if no ACL can be found for the specified resource.
-
tearDown
public boolean tearDown()
Description copied from interface: ACLProvider
Give an opportunity for the provider to finalize the operations
- Specified by: tearDown in interface ACLProvider
- Returns:
-
loadClass
protected Class<?> loadClass(String name) throws PrivilegedActionException
Loads the specified class using a PrivilegedExceptionAction.
- Parameters:
  name - a String containing the fully-qualified name of the class to be loaded.
- Returns: a reference to the loaded Class.
- Throws: PrivilegedActionException - if an error occurs while loading the specified class.