public class RoleBasedACLProviderImpl extends ACLProviderImpl
Implementation of ACLProvider that uses the identity roles when checking if access to a protected resource should be granted or not. If no roles are associated with the specified identity, then the default implementation, which is based on the identity name, is used. Otherwise, isAccessGranted() iterates over the roles and if one of the roles has sufficient permissions, then access is granted.
Fields inherited from class ACLProviderImpl: strategy
Constructor and Description |
---|
RoleBasedACLProviderImpl() |
Modifier and Type | Method and Description |
---|---|
protected void | getAllRoles(Role role, List<Role> roles): This method traverses the role tree that has the specified root role and puts all simple (i.e. not an instance of RoleGroup) roles into the specified roles list. |
<T> Set<T> | getEntitlements(Class<T> clazz, Resource resource, Identity identity): For a given Resource and an Identity, return all the entitlements. E.g., a portal page can consist of, say, 10 components such as windows, subpages, etc. |
boolean | isAccessGranted(Resource resource, Identity identity, ACLPermission permission): This method overrides the default implementation to use roles instead of the identity name when checking for permissions. |
Methods inherited from class ACLProviderImpl: fillEntitlements, getInitialPermissions, getPersistenceStrategy, initialize, loadClass, setPersistenceStrategy, tearDown

public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity) throws AuthorizationException
Description copied from interface: ACLProvider
For a given Resource and an Identity, return all the entitlements. E.g., a portal page can consist of, say, 10 components such as windows, subpages, etc. The portal page can then be the resource and, for a given identity, the entitlements would be the subset of these 10 components to which the identity has access.
Specified by: getEntitlements in interface ACLProvider
Overrides: getEntitlements in class ACLProviderImpl
Throws: AuthorizationException

public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission) throws AuthorizationException
This method overrides the default implementation to use roles instead of the identity name when checking for permissions. If the specified identity has one or more roles associated with it, this implementation will use these roles to check if the identity should be granted access to the resource or not.
Specified by: isAccessGranted in interface ACLProvider
Overrides: isAccessGranted in class ACLProviderImpl
Parameters:
resource - the Resource being accessed.
identity - the Identity trying to access the resource.
permission - the permissions needed to access the resource.
Returns: true if the identity has enough permissions to access the resource; false otherwise.
Throws: AuthorizationException - if no ACL can be found for the specified resource.

protected void getAllRoles(Role role, List<Role> roles)
This method traverses the role tree that has the specified root role and puts all simple (i.e. not an instance of RoleGroup) roles into the specified roles list.
Parameters:
role - the root of the role tree.
roles - the List<Role> that contains the simple roles of the tree.

Copyright © 2017 JBoss by Red Hat. All rights reserved.
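
The decision procedure described above for isAccessGranted and getAllRoles, as a stand-alone Java sketch added here to show how the role walk and the name-based fallback interact; it is not PicketBox code. The nested types, the map-based ACL keyed by role or identity name, and the IllegalStateException standing in for AuthorizationException are assumptions made for the illustration.

```java
import java.util.*;
// Added sketch: hypothetical stand-in types, not the PicketBox classes (Java 17+).
public class RoleAclSketch {
    enum Perm { READ, UPDATE, DELETE }
    interface Role { String name(); }
    record SimpleRole(String name) implements Role {}
    record RoleGroup(String name, List<Role> members) implements Role {}
    record Identity(String name, Role role) {}   // role == null: no roles associated

    // Walk the role tree and keep only simple (non-group) roles, as getAllRoles is described.
    static void collectSimpleRoles(Role role, List<Role> out) {
        if (role instanceof RoleGroup group) {
            for (Role member : group.members()) collectSimpleRoles(member, out);
        } else {
            out.add(role);
        }
    }

    // Assumption: one resource's ACL maps an entry name (role or identity) to its permissions.
    static boolean holds(Map<String, Set<Perm>> acl, String entry, Set<Perm> needed) {
        Set<Perm> granted = acl.get(entry);
        return granted != null && granted.containsAll(needed);
    }

    static boolean isAccessGranted(Map<String, Set<Perm>> acl, Identity id, Set<Perm> needed) {
        if (acl == null) throw new IllegalStateException("no ACL for resource"); // fail closed
        if (id.role() == null) return holds(acl, id.name(), needed); // name-based default
        List<Role> roles = new ArrayList<>();
        collectSimpleRoles(id.role(), roles);
        for (Role r : roles) {
            if (holds(acl, r.name(), needed)) return true; // one sufficient role grants
        }
        return false; // the name entry is not consulted once roles exist
    }

    public static void main(String[] args) {
        Map<String, Set<Perm>> acl = Map.of(          // constructed sample ACL
            "auditor", Set.of(Perm.READ),
            "editor", Set.of(Perm.UPDATE),
            "alice", Set.of(Perm.READ, Perm.DELETE));
        Role staff = new RoleGroup("staff",
            List.of(new SimpleRole("auditor"), new RoleGroup("web", List.of(new SimpleRole("editor")))));
        Identity withRoles = new Identity("alice", staff), noRoles = new Identity("alice", null);
        System.out.println(isAccessGranted(acl, withRoles, Set.of(Perm.UPDATE)));            // one role covers it
        System.out.println(isAccessGranted(acl, withRoles, Set.of(Perm.READ, Perm.UPDATE))); // split across roles
        System.out.println(isAccessGranted(acl, withRoles, Set.of(Perm.DELETE)));            // only on name entry
        System.out.println(isAccessGranted(acl, noRoles, Set.of(Perm.DELETE)));              // no roles attached
    }
}
```

In this model a request for READ and UPDATE is denied when those permissions sit on different roles, and the DELETE entry keyed by the name alice applies only when no role is attached to the identity.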