public class ACLProviderImpl extends Object implements ACLProvider
This class is the standard ACLProvider implementation. The access control decisions are based on the name of the specified identity (that is, it assumes that entries in an ACL are keyed by the name of the identity and not by other attributes, like its roles).
Modifier and Type | Field and Description |
---|---|
protected ACLPersistenceStrategy | strategy: persistence strategy used to retrieve the ACLs |
Constructor and Description |
---|
ACLProviderImpl() |
Modifier and Type | Method and Description |
---|---|
protected void | fillEntitlements(Set<EntitlementEntry> entitlements, Resource resource, String identityName, ACLPermission permission): Helper method that populates the entitlements collection as it traverses through the resources. |
<T> Set<T> | getEntitlements(Class<T> clazz, Resource resource, Identity identity): For a given Resource and an Identity, return all the entitlements. Eg: A portal page can consist of say 10 components such as windows, subpages etc. |
protected ACLPermission | getInitialPermissions(Resource resource, String identityName): This method retrieves the permissions the specified identity has over the specified resource. |
ACLPersistenceStrategy | getPersistenceStrategy(): Obtains the ACLPersistenceStrategy associated with this provider. |
void | initialize(Map<String,Object> sharedState, Map<String,Object> options): Initialize the provider |
boolean | isAccessGranted(Resource resource, Identity identity, ACLPermission permission): Checks if the given identity has the permissions needed to access the specified resource. |
protected Class<?> | loadClass(String name): Loads the specified class using a PrivilegedExceptionAction. |
void | setPersistenceStrategy(ACLPersistenceStrategy persistenceStrategy): Sets the persistence strategy to be used by this provider. |
boolean | tearDown(): Give an opportunity for the provider to finalize the operations |
protected ACLPersistenceStrategy strategy
public void initialize(Map<String,Object> sharedState, Map<String,Object> options)
Description copied from interface: ACLProvider
Specified by: initialize in interface ACLProvider
Parameters:
sharedState - Shared State
options - Options

public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity) throws AuthorizationException
Description copied from interface: ACLProvider
For a given Resource and an Identity, return all the entitlements. For example, a portal page can consist of, say, 10 components such as windows, subpages, etc. The portal page can then be the resource and, for a given identity, the entitlements would be the subset of these 10 components to which the identity has access.
Specified by: getEntitlements in interface ACLProvider
Throws:
AuthorizationException

protected void fillEntitlements(Set<EntitlementEntry> entitlements, Resource resource, String identityName, ACLPermission permission)
Helper method that populates the entitlements collection as it traverses through the resources. The resources are visited using a depth-first search algorithm, and when each node is visited one of the following happens:
EntitlementEntry object and this object is added to the collection. The method is then called recursively for each one of the resource's children passing the permissions that were extracted from the ACL.
EntitlementEntry object is constructed and the method simply returns. No child resources are processed as it is assumed that the identity doesn't have the right to do anything in the resource's subtree.
Parameters:
entitlements - a reference for the collection of EntitlementEntry objects that is being constructed.
resource - the Resource being visited.
identityName - a String representing the identity for which the entitlements are being built.
permission - the ACLPermission to be used in case no ACL is found for the resource being visited.

protected ACLPermission getInitialPermissions(Resource resource, String identityName)
This method retrieves the permissions the specified identity has over the specified resource. It starts by looking for the resource's ACL. If one is found and the ACL has an entry for the identity, the respective permissions are returned. If no entry is found, we assume the identity hasn't been assigned any permissions and null is returned.
If the resource doesn't have an associated ACL, we look for an ACL in the parent resource recursively, until an ACL is located or until no parent resource is found. In the first case, the algorithm described above is used to return the identity's permissions. In the latter case, we return all permissions (lack of an ACL means that the resource is not protected and the user should be granted all permissions).
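The lookup order described above, as an added example that is not the library's own code: a self-contained model in which Node, Perm, resolve and unprotected are hypothetical stand-ins for the real resource, permission and provider types. It exercises the three documented outcomes and lists the resources that resolve to all permissions because no ACL exists anywhere in their parent chain, so they can be reviewed.

```java
import java.util.*;

// Constructed model of the documented lookup. Node, Perm, resolve and
// unprotected are hypothetical stand-ins, not the library's types.
public class AclResolutionDemo {
    enum Perm { CREATE, READ, UPDATE, DELETE }

    static final class Node {
        final String name;
        final Node parent;
        final Map<String, EnumSet<Perm>> acl; // null: resource has no ACL of its own
        Node(String name, Node parent, Map<String, EnumSet<Perm>> acl) {
            this.name = name; this.parent = parent; this.acl = acl;
        }
    }

    // The nearest ACL decides: an ACL with no entry for the identity yields
    // null; a parent chain with no ACL at all yields every permission.
    static EnumSet<Perm> resolve(Node resource, String identityName) {
        for (Node n = resource; n != null; n = n.parent) {
            if (n.acl != null) return n.acl.get(identityName);
        }
        return EnumSet.allOf(Perm.class);
    }

    // Audit helper: names of resources that take the "no ACL anywhere" branch.
    static List<String> unprotected(Collection<Node> resources) {
        List<String> names = new ArrayList<>();
        for (Node r : resources) {
            boolean covered = false;
            for (Node n = r; n != null && !covered; n = n.parent) covered = (n.acl != null);
            if (!covered) names.add(r.name);
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample tree.
        Node portal = new Node("portal", null, Map.of("alice", EnumSet.of(Perm.READ, Perm.UPDATE)));
        Node page = new Node("page", portal, null);   // inherits portal's ACL
        Node admin = new Node("admin", portal, Map.of("root", EnumSet.allOf(Perm.class)));
        Node orphan = new Node("orphan", null, null); // no ACL in its chain

        System.out.println("page/alice   -> " + resolve(page, "alice"));
        System.out.println("admin/alice  -> " + resolve(admin, "alice"));
        System.out.println("orphan/alice -> " + resolve(orphan, "alice"));
        System.out.println("unprotected  -> " + unprotected(List.of(portal, page, admin, orphan)));
    }
}
```

In this model alice gets the portal's entry on page, null on admin (its own ACL has no entry for her, so the parent is never consulted), and every permission on orphan.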
Parameters:
resource - the Resource for which we want to discover the permissions that have been assigned to the specified identity.
identityName - a String representing the identity for which we want to discover the permissions regarding the specified resource.
Returns:
ACLPermission containing the permissions that have been assigned to the identity with respect to the specified resource, or null if the identity has no permissions at all.

public ACLPersistenceStrategy getPersistenceStrategy()
Description copied from interface: ACLProvider
Obtains the ACLPersistenceStrategy associated with this provider.
Specified by: getPersistenceStrategy in interface ACLProvider
Returns:
ACLPersistenceStrategy used by this provider.

public void setPersistenceStrategy(ACLPersistenceStrategy persistenceStrategy)
Description copied from interface: ACLProvider
Sets the persistence strategy to be used by this provider.
Specified by: setPersistenceStrategy in interface ACLProvider
Parameters:
persistenceStrategy - a reference to the ACLPersistenceStrategy to be used.

public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission) throws AuthorizationException
Description copied from interface: ACLProvider
Checks if the given identity has the permissions needed to access the specified resource. This involves finding the ACL associated with the resource and consulting the ACL to determine if access should be granted or not to the identity.
Specified by: isAccessGranted in interface ACLProvider
Parameters:
resource - the Resource being accessed.
identity - the Identity trying to access the resource.
permission - the permissions needed to access the resource.
Returns:
true if the identity has enough permissions to access the resource; false otherwise.
Throws:
AuthorizationException - if no ACL can be found for the specified resource.

public boolean tearDown()
Description copied from interface: ACLProvider
Specified by: tearDown in interface ACLProvider

protected Class<?> loadClass(String name) throws PrivilegedActionException
Loads the specified class using a PrivilegedExceptionAction.
Parameters:
name - a String containing the fully-qualified name of the class to be loaded.
Returns:
Class.
Throws:
PrivilegedActionException - if an error occurs while loading the specified class.

Copyright © 2019 JBoss by Red Hat. All rights reserved.