Class ACLProviderImpl

  • All Implemented Interfaces:
    ACLProvider
    Direct Known Subclasses:
    RoleBasedACLProviderImpl

    public class ACLProviderImpl
    extends Object
    implements ACLProvider

    This class is the standard ACLProvider implementation. The access control decisions are based on the name of the specified identity (that is, it assumes that entries in an ACL are keyed by the name of the identity and not by other attributes, like its roles).

    Author:
    Stefan Guilhen
    • Constructor Detail

      • ACLProviderImpl

        public ACLProviderImpl()
    • Method Detail

      • getEntitlements

        public <T> Set<T> getEntitlements(Class<T> clazz,
                                          Resource resource,
                                          Identity identity)
                                   throws AuthorizationException
        Description copied from interface: ACLProvider

        For a given Resource and an Identity, return all the entitlements. For example, a portal page can consist of, say, 10 components such as windows, subpages, etc. The portal page can be the resource, and for a given identity the entitlements would be the subset of these 10 components to which the identity has access.

        Specified by:
        getEntitlements in interface ACLProvider
        Returns:
        Throws:
        AuthorizationException
      • fillEntitlements

        protected void fillEntitlements(Set<EntitlementEntry> entitlements,
                                        Resource resource,
                                        String identityName,
                                        ACLPermission permission)

        Helper method that populates the entitlements collection as it traverses through the resources. The resources are visited using a depth-first search algorithm, and when each node is visited one of the following happens:

        • an ACL for the resource is located and there is an entry for the identity - the permissions assigned to the identity are used to construct the EntitlementEntry object and this object is added to the collection. The method is then called recursively for each one of the resource's children passing the permissions that were extracted from the ACL.
        • an ACL for the resource is found, but there is no entry for the identity - this means the identity doesn't have any permissions regarding the specified resource. Thus, no EntitlementEntry object is constructed and the method simply returns. No child resources are processed as it is assumed that the identity doesn't have the right to do anything in the resource's subtree.
        • no ACL is found - this means that the resource itself is not protected by any ACL. We assume that if a parent resource has an ACL, then the permissions assigned to the parent's ACL should be used.
        Parameters:
        entitlements - a reference for the collection of EntitlementEntry objects that is being constructed.
        resource - the Resource being visited.
        identityName - a String representing the identity for which the entitlements are being built.
        permission - the ACLPermission to be used in case no ACL is found for the resource being visited.
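
The traversal rules described for fillEntitlements, as an added Java sketch that is not PicketBox code: `Node`, `fill` and the string permissions are hypothetical stand-ins for Resource, fillEntitlements and ACLPermission. It assumes that a resource without an ACL is reported with the inherited permission and that its children are still visited.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration (Java 16+). Node and fill are hypothetical stand-ins,
// not the PicketBox Resource/ACL classes.
public class EntitlementWalk {

    // acl == null: no ACL protects this resource.
    // Otherwise acl maps identity name -> permission string.
    record Node(String name, Map<String, String> acl, List<Node> children) {}

    static void fill(Map<String, String> out, Node node, String identity, String inherited) {
        String effective;
        if (node.acl() == null) {
            // No ACL: fall back to the permission handed down by the parent.
            effective = inherited;
        } else if (node.acl().containsKey(identity)) {
            // ACL with an entry for the identity: its permission applies here
            // and is passed to the children.
            effective = node.acl().get(identity);
        } else {
            // ACL without an entry for the identity: no entitlement, and the
            // whole subtree is skipped.
            return;
        }
        if (effective != null) {
            out.put(node.name(), effective);
        }
        // Assumption: children of an ACL-less node are still visited.
        for (Node child : node.children()) {
            fill(out, child, identity, effective);
        }
    }

    public static void main(String[] args) {
        // Constructed sample tree: page -> { window, admin -> { settings } }
        Node window = new Node("window", null, List.of());
        Node settings = new Node("settings", Map.of("alice", "READ,UPDATE"), List.of());
        Node admin = new Node("admin", Map.of("bob", "READ"), List.of(settings));
        Node page = new Node("page", Map.of("alice", "READ"), List.of(window, admin));
        Map<String, String> entitlements = new LinkedHashMap<>();
        fill(entitlements, page, "alice", null);
        // window inherits from page; admin has an ACL without alice, so
        // settings is never reached even though its own ACL names alice.
        entitlements.forEach((name, perm) -> System.out.println(name + " -> " + perm));
    }
}
```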