org.jboss.security.acl
Class RoleBasedACLProviderImpl
java.lang.Object
org.jboss.security.acl.ACLProviderImpl
org.jboss.security.acl.RoleBasedACLProviderImpl
- All Implemented Interfaces:
- org.jboss.security.acl.ACLProvider
public class RoleBasedACLProviderImpl
- extends ACLProviderImpl
Implementation of ACLProvider
that uses the identity roles when checking if access to a protected resource
should be granted or not. If no roles are associated with the specified identity, then the default implementation,
which is based on the identity name, is used. Otherwise, #isAccessGranted()
iterates over the roles and if
one of the roles has sufficient permissions, then access is granted.
- Author:
- Stefan Guilhen
Method Summary |
protected void |
getAllRoles(org.jboss.security.identity.Role role,
List<org.jboss.security.identity.Role> roles)
This method traverses the role tree that has the specified root role and puts all simple (i.e. |
|
getEntitlements(Class<T> clazz,
org.jboss.security.authorization.Resource resource,
org.jboss.security.identity.Identity identity)
|
boolean |
isAccessGranted(org.jboss.security.authorization.Resource resource,
org.jboss.security.identity.Identity identity,
org.jboss.security.acl.ACLPermission permission)
This method overrides the default implementation to use roles instead of the identity name when checking for
permissions. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
RoleBasedACLProviderImpl
public RoleBasedACLProviderImpl()
getEntitlements
public <T> Set<T> getEntitlements(Class<T> clazz,
org.jboss.security.authorization.Resource resource,
org.jboss.security.identity.Identity identity)
throws org.jboss.security.authorization.AuthorizationException
- Specified by:
getEntitlements
in interface org.jboss.security.acl.ACLProvider
- Overrides:
getEntitlements
in class ACLProviderImpl
- Throws:
org.jboss.security.authorization.AuthorizationException
isAccessGranted
public boolean isAccessGranted(org.jboss.security.authorization.Resource resource,
org.jboss.security.identity.Identity identity,
org.jboss.security.acl.ACLPermission permission)
throws org.jboss.security.authorization.AuthorizationException
This method overrides the default implementation to use roles instead of the identity name when checking for
permissions. If the specified identity has one or more roles associated with it, this implementation will use
these roles to check if the identity should be granted access to the resource or not.
- Specified by:
isAccessGranted
in interface org.jboss.security.acl.ACLProvider
- Overrides:
isAccessGranted
in class ACLProviderImpl
- Throws:
org.jboss.security.authorization.AuthorizationException
getAllRoles
protected void getAllRoles(org.jboss.security.identity.Role role,
List<org.jboss.security.identity.Role> roles)
This method traverses the role tree that has the specified root role and puts all simple (i.e. not an instance of
RoleGroup) roles into the specified roles list.
- Parameters:
role
- the root of the role tree.roles
- the List<Role>
that contains the simple roles of the tree.
Copyright © 2009 JBoss Inc.. All Rights Reserved.