org.jboss.security.acl
Class RoleBasedACLProviderImpl

java.lang.Object
  extended by org.jboss.security.acl.ACLProviderImpl
      extended by org.jboss.security.acl.RoleBasedACLProviderImpl
All Implemented Interfaces:
org.jboss.security.acl.ACLProvider

public class RoleBasedACLProviderImpl
extends ACLProviderImpl

Implementation of ACLProvider that uses the identity's roles when checking whether access to a protected resource should be granted. If no roles are associated with the specified identity, the default implementation, which is based on the identity name, is used. Otherwise, isAccessGranted iterates over the roles and grants access if one of them has sufficient permissions.

Author:
Stefan Guilhen

Field Summary
 
Fields inherited from class org.jboss.security.acl.ACLProviderImpl
strategy
 
Constructor Summary
RoleBasedACLProviderImpl()
           
 
Method Summary
protected  void getAllRoles(org.jboss.security.identity.Role role, List<org.jboss.security.identity.Role> roles)
           This method traverses the role tree that has the specified root role and puts all simple (i.e. not an instance of RoleGroup) roles into the specified roles list.
 <T> Set<T> getEntitlements(Class<T> clazz, org.jboss.security.authorization.Resource resource, org.jboss.security.identity.Identity identity)
           
 boolean isAccessGranted(org.jboss.security.authorization.Resource resource, org.jboss.security.identity.Identity identity, org.jboss.security.acl.ACLPermission permission)
           This method overrides the default implementation to use roles instead of the identity name when checking for permissions.
 
Methods inherited from class org.jboss.security.acl.ACLProviderImpl
fillEntitlements, getInitialPermissions, getPersistenceStrategy, initialize, loadClass, setPersistenceStrategy, tearDown
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleBasedACLProviderImpl

public RoleBasedACLProviderImpl()

Method Detail

getEntitlements

public <T> Set<T> getEntitlements(Class<T> clazz,
                                  org.jboss.security.authorization.Resource resource,
                                  org.jboss.security.identity.Identity identity)
                       throws org.jboss.security.authorization.AuthorizationException
Specified by:
getEntitlements in interface org.jboss.security.acl.ACLProvider
Overrides:
getEntitlements in class ACLProviderImpl
Throws:
org.jboss.security.authorization.AuthorizationException

isAccessGranted

public boolean isAccessGranted(org.jboss.security.authorization.Resource resource,
                               org.jboss.security.identity.Identity identity,
                               org.jboss.security.acl.ACLPermission permission)
                        throws org.jboss.security.authorization.AuthorizationException

This method overrides the default implementation to use roles instead of the identity name when checking for permissions. If the specified identity has one or more roles associated with it, this implementation will use these roles to check if the identity should be granted access to the resource or not.

Specified by:
isAccessGranted in interface org.jboss.security.acl.ACLProvider
Overrides:
isAccessGranted in class ACLProviderImpl
Throws:
org.jboss.security.authorization.AuthorizationException

getAllRoles

protected void getAllRoles(org.jboss.security.identity.Role role,
                           List<org.jboss.security.identity.Role> roles)

This method traverses the role tree that has the specified root role and puts all simple (i.e. not an instance of RoleGroup) roles into the specified roles list.

Parameters:
role - the root of the role tree.
roles - the List<Role> that contains the simple roles of the tree.
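
A self-contained model of the behaviour described for isAccessGranted and getAllRoles above, added here as an illustration; it is not the PicketBox source. The Role record, the permission bitmask and the ACL map are simplified stand-ins for the org.jboss.security types, and denying access when roles are present but none is sufficient is an assumption of this sketch.

```java
import java.util.*;

// Added illustration: Role, the bitmask and ACL below are simplified stand-ins,
// not the org.jboss.security.identity / org.jboss.security.acl types.
public class RoleBasedAclSketch {
    // members == null marks a simple role; otherwise the role is a group of roles.
    record Role(String name, List<Role> members) {
        static Role simple(String n) { return new Role(n, null); }
        static Role group(String n, Role... m) { return new Role(n, List.of(m)); }
        boolean isGroup() { return members != null; }
    }

    static final int READ = 1, UPDATE = 2, DELETE = 4;
    // Constructed ACL for one resource: entry name (role or identity name) -> permissions.
    static final Map<String, Integer> ACL =
            Map.of("auditor", READ, "editor", READ | UPDATE, "alice", READ);

    // Depth-first walk of the role tree; only simple (non-group) roles are collected.
    static void getAllRoles(Role role, List<Role> roles) {
        if (!role.isGroup()) { roles.add(role); return; }
        for (Role member : role.members()) getAllRoles(member, roles);
    }

    static boolean hasPermission(String entryName, int required) {
        return (ACL.getOrDefault(entryName, 0) & required) == required;
    }

    // rootRole == null models an identity with no roles: the name-based check is used.
    static boolean isAccessGranted(String identityName, Role rootRole, int required) {
        if (rootRole == null) return hasPermission(identityName, required);
        List<Role> roles = new ArrayList<>();
        getAllRoles(rootRole, roles);
        for (Role r : roles)
            if (hasPermission(r.name(), required)) return true; // one sufficient role is enough
        return false; // assumption of this sketch: no fallback to the name once roles exist
    }

    public static void main(String[] args) {
        Role tree = Role.group("staff", Role.simple("auditor"),
                Role.group("content", Role.simple("editor")));
        System.out.println(isAccessGranted("bob", tree, UPDATE));   // nested simple role "editor" holds UPDATE
        System.out.println(isAccessGranted("bob", tree, DELETE));   // no role in the tree holds DELETE
        System.out.println(isAccessGranted("alice", null, READ));   // no roles: entry for the identity name applies
        System.out.println(isAccessGranted("alice", Role.simple("guest"), READ)); // roles present: only roles are checked
    }
}
```

When reviewing a deployment, the two cases worth checking are identities that reach the provider with no roles, since the decision then depends on ACL entries keyed by identity name, and group roles whose nested members carry broader permissions than the group name suggests.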


Copyright © 2009 JBoss Inc. All Rights Reserved.