org.jboss.security.acl
Class ACLProviderImpl

java.lang.Object
  extended by org.jboss.security.acl.ACLProviderImpl
All Implemented Interfaces:
org.jboss.security.acl.ACLProvider
Direct Known Subclasses:
RoleBasedACLProviderImpl

public class ACLProviderImpl
extends Object
implements org.jboss.security.acl.ACLProvider

This class is the standard ACLProvider implementation. The access control decisions are based on the name of the specified identity (that is, it assumes that entries in an ACL are keyed by the name of the identity and not by other attributes, like the its roles).

Author:
Stefan Guilhen

Field Summary
protected  org.jboss.security.acl.ACLPersistenceStrategy strategy
          persistence strategy used to retrieve the ACLs
 
Constructor Summary
ACLProviderImpl()
           
 
Method Summary
protected  void fillEntitlements(Set<EntitlementEntry> entitlements, org.jboss.security.authorization.Resource resource, String identityName, org.jboss.security.acl.ACLPermission permission)
           Helper method that populates the entitlements collection as it traverses through the resources.
<T> Set<T>
getEntitlements(Class<T> clazz, org.jboss.security.authorization.Resource resource, org.jboss.security.identity.Identity identity)
           
protected  org.jboss.security.acl.ACLPermission getInitialPermissions(org.jboss.security.authorization.Resource resource, String identityName)
           This method retrieves the permissions the specified identity has over the specified resource.
 org.jboss.security.acl.ACLPersistenceStrategy getPersistenceStrategy()
           
 void initialize(Map<String,Object> sharedState, Map<String,Object> options)
           
 boolean isAccessGranted(org.jboss.security.authorization.Resource resource, org.jboss.security.identity.Identity identity, org.jboss.security.acl.ACLPermission permission)
           
protected  Class<?> loadClass(String name)
           Loads the specified class using a PrivilegedExceptionAction.
 void setPersistenceStrategy(org.jboss.security.acl.ACLPersistenceStrategy strategy)
           
 boolean tearDown()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

strategy

protected org.jboss.security.acl.ACLPersistenceStrategy strategy
persistence strategy used to retrieve the ACLs

Constructor Detail

ACLProviderImpl

public ACLProviderImpl()
Method Detail

initialize

public void initialize(Map<String,Object> sharedState,
                       Map<String,Object> options)
Specified by:
initialize in interface org.jboss.security.acl.ACLProvider

getEntitlements

public <T> Set<T> getEntitlements(Class<T> clazz,
                                  org.jboss.security.authorization.Resource resource,
                                  org.jboss.security.identity.Identity identity)
                       throws org.jboss.security.authorization.AuthorizationException
Specified by:
getEntitlements in interface org.jboss.security.acl.ACLProvider
Throws:
org.jboss.security.authorization.AuthorizationException

fillEntitlements

protected void fillEntitlements(Set<EntitlementEntry> entitlements,
                                org.jboss.security.authorization.Resource resource,
                                String identityName,
                                org.jboss.security.acl.ACLPermission permission)

Helper method that populates the entitlements collection as it traverses through the resources. The resources are visited using a depth-first search algorithm, and when each node is visited one of the following happens:

    • an ACL for the resource is located and there is an entry for the identity - the permissions assigned to the identity are used to construct the EntitlementEntry object and this object is added to the collection. The method is then called recursively for each one of the resource's children passing the permissions that were extracted from the ACL.
      an ACL for the resource is found, but there is no entry for the identity - this means the identity doesn't have any permissions regarding the specified resource. Thus, no EntitlementEntry object is constructed and the method simply returns. No child resources are processed as it is assumed that the identity doesn't have the right to do anything in the resource's subtree.
      no ACL is found - this means that the resource itself is not protected by any ACL. We assume that if a parent resource has an ACL, then the permissions assigned to the parent's ACL should be used.
  • Parameters:
    entitlements - a reference for the collection of EntitlementEntry objects that is being constructed.
    resource - the Resource being visited.
    identityName - a String representing the identity for which the entitlements are being built.
    permission - the ACLPermission to be used in case no ACL is found for the resource being visited.

    getInitialPermissions

    protected org.jboss.security.acl.ACLPermission getInitialPermissions(org.jboss.security.authorization.Resource resource,
                                                                         String identityName)

    This method retrieves the permissions the specified identity has over the specified resource. It starts by looking for the resource's ACL. If one is found and if the ACL has entry for the identity, the respective permissions are returned. If no entry is found, we assume the identity hasn't been assigned any permissions and null is returned.

    If the resource doesn't have an associated ACL, we start looking for an ACL in the parent resource recursively, until an ACL is located or until no parent resource is found. In the first case, the algorithm described above is used to return the identity's permissions. In the latter case, we return all permissions (lack of an ACL means that the resource is not protected and the user should be granted all permissions).

    Parameters:
    resource - the Resource for which we want to discover the permissions that have been assigned to the specified identity.
    identityName - a String representing the identity for which we want to discover the permissions regarding the specified resource.
    Returns:
    an ACLPermission containing the permissions that have been assigned to the identity with respect to the specified resource, or null if the identity has no permissions at all.

    getPersistenceStrategy

    public org.jboss.security.acl.ACLPersistenceStrategy getPersistenceStrategy()
    Specified by:
    getPersistenceStrategy in interface org.jboss.security.acl.ACLProvider

    setPersistenceStrategy

    public void setPersistenceStrategy(org.jboss.security.acl.ACLPersistenceStrategy strategy)
    Specified by:
    setPersistenceStrategy in interface org.jboss.security.acl.ACLProvider

    isAccessGranted

    public boolean isAccessGranted(org.jboss.security.authorization.Resource resource,
                                   org.jboss.security.identity.Identity identity,
                                   org.jboss.security.acl.ACLPermission permission)
                            throws org.jboss.security.authorization.AuthorizationException
    Specified by:
    isAccessGranted in interface org.jboss.security.acl.ACLProvider
    Throws:
    org.jboss.security.authorization.AuthorizationException

    tearDown

    public boolean tearDown()
    Specified by:
    tearDown in interface org.jboss.security.acl.ACLProvider

    loadClass

    protected Class<?> loadClass(String name)
                          throws PrivilegedActionException

    Loads the specified class using a PrivilegedExceptionAction.

    Parameters:
    name - a String containing the fully-qualified name of the class to be loaded.
    Returns:
    a reference to the loaded Class.
    Throws:
    PrivilegedActionException - if an error occurs while loading the specified class.


    Copyright © 2009 JBoss Inc.. All Rights Reserved.