org.jboss.security.acl

Class RoleBasedACLProviderImpl

java.lang.Object

org.jboss.security.acl.ACLProviderImpl

org.jboss.security.acl.RoleBasedACLProviderImpl

All Implemented Interfaces:

ACLProvider

public class RoleBasedACLProviderImpl
extends ACLProviderImpl

Implementation of ACLProvider that uses the identity roles when checking if access to a protected resource should be granted or not. If no roles are associated with the specified identity, then the default implementation, which is based on the identity name, is used. Otherwise, #isAccessGranted() iterates over the roles and if one of the roles has sufficient permissions, then access is granted.

Author:

Stefan Guilhen

Field Summary

Fields inherited from class org.jboss.security.acl.ACLProviderImpl

strategy

Constructor Summary

Constructors

Constructor and Description
RoleBasedACLProviderImpl()

Method Summary

Modifier and Type	Method and Description
protected void	getAllRoles(Role role, List<Role> roles) This method traverses the role tree that has the specified root role and puts all simple (i.e.
<T> Set<T>	getEntitlements(Class<T> clazz, Resource resource, Identity identity) For a given Resource and an Identity, return all the entitlements Eg: A portal page can consist of say 10 components such as windows, subpages etc.
boolean	isAccessGranted(Resource resource, Identity identity, ACLPermission permission) This method overrides the default implementation to use roles instead of the identity name when checking for permissions.

Methods inherited from class org.jboss.security.acl.ACLProviderImpl

fillEntitlements, getInitialPermissions, getPersistenceStrategy, initialize, loadClass, setPersistenceStrategy, tearDown

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RoleBasedACLProviderImpl

public RoleBasedACLProviderImpl()

Method Detail

getEntitlements

public <T> Set<T> getEntitlements(Class<T> clazz,
                                  Resource resource,
                                  Identity identity)
                           throws AuthorizationException

Description copied from interface: ACLProvider

For a given Resource and an Identity, return all the entitlements Eg: A portal page can consist of say 10 components such as windows, subpages etc. Now the Portal page can be the resource and for a given identity, the entitlements would be the subset of these 10 components to which the identity has access

Specified by:

getEntitlements in interface ACLProvider

Overrides:

getEntitlements in class ACLProviderImpl

Returns:

Throws:

AuthorizationException

isAccessGranted

public boolean isAccessGranted(Resource resource,
                               Identity identity,
                               ACLPermission permission)
                        throws AuthorizationException

This method overrides the default implementation to use roles instead of the identity name when checking for permissions. If the specified identity has one or more roles associated with it, this implementation will use these roles to check if the identity should be granted access to the resource or not.

Specified by:

isAccessGranted in interface ACLProvider

Overrides:

isAccessGranted in class ACLProviderImpl

Parameters:

resource - the Resource being accessed.

identity - the Identity trying to access the resource.

permission - the permissions needed to access the resource.

Returns:

true if the identity has enough permissions to access the resource; false otherwise.

Throws:

AuthorizationException - if no ACL can be found for the specified resource.

getAllRoles

protected void getAllRoles(Role role,
                           List<Role> roles)

This method traverses the role tree that has the specified root role and puts all simple (i.e. not an instance of RoleGroup) roles into the specified roles list.

Parameters:

role - the root of the role tree.

roles - the List<Role> that contains the simple roles of the tree.