
1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.afterinvocation;
17  
18  import org.acegisecurity.Authentication;
19  import org.acegisecurity.ConfigAttribute;
20  
21  import org.acegisecurity.acls.Acl;
22  import org.acegisecurity.acls.AclService;
23  import org.acegisecurity.acls.NotFoundException;
24  import org.acegisecurity.acls.Permission;
25  import org.acegisecurity.acls.domain.BasePermission;
26  import org.acegisecurity.acls.objectidentity.ObjectIdentity;
27  import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy;
28  import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategyImpl;
29  import org.acegisecurity.acls.sid.Sid;
30  import org.acegisecurity.acls.sid.SidRetrievalStrategy;
31  import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
32  
33  import org.springframework.util.Assert;
34  
35  
36  /**
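37   * Base class for ACL-based <code>AfterInvocationProvider</code>s: checks the required permissions on a domain object.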
38   *
39   * @author $author$
40   * @version $Revision$
41    */
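public abstract class AbstractAclProvider implements AfterInvocationProvider {
    //~ Instance fields ================================================================================================

    /** Source of ACLs; mandatory and fixed at construction time. */
    private final AclService aclService;

    /** Domain object class this provider is configured for; <code>Object.class</code> unless overridden. */
    private Class processDomainObjectClass = Object.class;

    /** Maps a domain object to the <code>ObjectIdentity</code> used for the ACL lookup. */
    private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();

    /** Maps the current <code>Authentication</code> to the <code>Sid</code>s checked against the ACL. */
    private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();

    /** The only configuration attribute value for which {@link #supports(ConfigAttribute)} returns true. */
    private String processConfigAttribute;

    /** Permissions passed to <code>Acl.isGranted</code>; the initializer is always overwritten by the constructor. */
    private Permission[] requirePermission = {BasePermission.READ};

    //~ Constructors ===================================================================================================

    /**
     * Creates the provider with its mandatory collaborators.
     *
     * @param aclService service used to load ACLs (must not be <code>null</code>)
     * @param processConfigAttribute configuration attribute this provider responds to (must contain text)
     * @param requirePermission permissions to check (must contain at least one entry)
     *
     * @throws IllegalArgumentException if any argument fails the checks above
     */
    public AbstractAclProvider(AclService aclService, String processConfigAttribute, Permission[] requirePermission) {
        Assert.hasText(processConfigAttribute, "A processConfigAttribute is mandatory");
        Assert.notNull(aclService, "An AclService is mandatory");

        if ((requirePermission == null) || (requirePermission.length == 0)) {
            throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
        }

        this.aclService = aclService;
        this.processConfigAttribute = processConfigAttribute;

        // Defensive copy: the array drives an authorization decision, so a caller that keeps a reference to its
        // own array must not be able to change the required permissions after construction.
        this.requirePermission = (Permission[]) requirePermission.clone();
    }

    //~ Methods ========================================================================================================

    /**
     * Returns the domain object class this provider is configured for.
     *
     * @return the configured class, <code>Object.class</code> by default
     */
    protected Class getProcessDomainObjectClass() {
        return processDomainObjectClass;
    }

    /**
     * Decides whether the principal holds the required permissions on the given domain object.
     *
     * <p>The decision fails closed: when the ACL lookup or the grant check raises
     * <code>NotFoundException</code>, access is reported as not granted. Any other exception propagates to the
     * caller. Handling of a <code>null</code> domain object is left to the configured
     * <code>ObjectIdentityRetrievalStrategy</code>, so callers should filter <code>null</code> beforehand.</p>
     *
     * @param authentication the principal whose <code>Sid</code>s are checked
     * @param domainObject the object whose ACL is consulted
     *
     * @return <code>true</code> only if the ACL grants the required permissions to the principal's Sids
     */
    protected boolean hasPermission(Authentication authentication, Object domainObject) {
        // Obtain the OID applicable to the domain object
        ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

        // Obtain the SIDs applicable to the principal
        Sid[] sids = sidRetrievalStrategy.getSids(authentication);

        try {
            // Lookup only ACLs for SIDs we're interested in
            Acl acl = aclService.readAclById(objectIdentity, sids);

            // The trailing flag is the ACL API's administrative-mode switch; it stays off for ordinary checks.
            return acl.isGranted(requirePermission, sids, false);
        } catch (NotFoundException ignore) {
            // Deny by default when the lookup or the grant check reports that nothing applicable was found.
            return false;
        }
    }

    /**
     * Replaces the strategy used to derive an <code>ObjectIdentity</code> from a domain object.
     *
     * @param objectIdentityRetrievalStrategy the new strategy (must not be <code>null</code>)
     */
    public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
        Assert.notNull(objectIdentityRetrievalStrategy, "ObjectIdentityRetrievalStrategy required");
        this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
    }

    /**
     * Changes the configuration attribute this provider responds to.
     *
     * @param processConfigAttribute the new attribute value (must contain text)
     */
    protected void setProcessConfigAttribute(String processConfigAttribute) {
        Assert.hasText(processConfigAttribute, "A processConfigAttribute is mandatory");
        this.processConfigAttribute = processConfigAttribute;
    }

    /**
     * Changes the domain object class this provider is configured for.
     *
     * @param processDomainObjectClass the new class (must not be <code>null</code>)
     */
    public void setProcessDomainObjectClass(Class processDomainObjectClass) {
        Assert.notNull(processDomainObjectClass, "processDomainObjectClass cannot be set to null");
        this.processDomainObjectClass = processDomainObjectClass;
    }

    /**
     * Replaces the strategy used to derive the principal's <code>Sid</code>s.
     *
     * @param sidRetrievalStrategy the new strategy (must not be <code>null</code>)
     */
    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        Assert.notNull(sidRetrievalStrategy, "SidRetrievalStrategy required");
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }

    /**
     * Indicates whether this provider handles the given configuration attribute.
     *
     * @param attribute the attribute to test; <code>null</code> is treated as unsupported
     *
     * @return <code>true</code> only when the attribute's value equals the configured
     *         <code>processConfigAttribute</code> exactly
     */
    public boolean supports(ConfigAttribute attribute) {
        // Read the value once; a null attribute or a null value can never match.
        String candidate = (attribute == null) ? null : attribute.getAttribute();

        return (candidate != null) && candidate.equals(this.processConfigAttribute);
    }

    /**
     * This implementation supports any type of class, because it does not query the presented secure object.
     *
     * @param clazz the secure object
     *
     * @return always <code>true</code>
     */
    public boolean supports(Class clazz) {
        return true;
    }
}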