Class RoleBasedACLProviderImpl
- java.lang.Object
-
- org.jboss.security.acl.ACLProviderImpl
-
- org.jboss.security.acl.RoleBasedACLProviderImpl
-
- All Implemented Interfaces:
ACLProvider
public class RoleBasedACLProviderImpl extends ACLProviderImpl
Implementation of
ACLProvider
that uses the identity roles when checking if access to a protected resource should be granted or not. If no roles are associated with the specified identity, then the default implementation, which is based on the identity name, is used. Otherwise,#isAccessGranted()
iterates over the roles and if one of the roles has sufficient permissions, then access is granted.- Author:
- Stefan Guilhen
-
-
Field Summary
-
Fields inherited from class org.jboss.security.acl.ACLProviderImpl
strategy
-
-
Constructor Summary
Constructors Constructor Description RoleBasedACLProviderImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
getAllRoles(Role role, List<Role> roles)
This method traverses the role tree that has the specified root role and puts all simple (i.e.<T> Set<T>
getEntitlements(Class<T> clazz, Resource resource, Identity identity)
For a given Resource and an Identity, return all the entitlements Eg: A portal page can consist of say 10 components such as windows, subpages etc.boolean
isAccessGranted(Resource resource, Identity identity, ACLPermission permission)
This method overrides the default implementation to use roles instead of the identity name when checking for permissions.-
Methods inherited from class org.jboss.security.acl.ACLProviderImpl
fillEntitlements, getInitialPermissions, getPersistenceStrategy, initialize, loadClass, setPersistenceStrategy, tearDown
-
-
-
-
Method Detail
-
getEntitlements
public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity) throws AuthorizationException
Description copied from interface:ACLProvider
For a given Resource and an Identity, return all the entitlements Eg: A portal page can consist of say 10 components such as windows, subpages etc. Now the Portal page can be the resource and for a given identity, the entitlements would be the subset of these 10 components to which the identity has access
- Specified by:
getEntitlements
in interfaceACLProvider
- Overrides:
getEntitlements
in classACLProviderImpl
- Returns:
- Throws:
AuthorizationException
-
isAccessGranted
public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission) throws AuthorizationException
This method overrides the default implementation to use roles instead of the identity name when checking for permissions. If the specified identity has one or more roles associated with it, this implementation will use these roles to check if the identity should be granted access to the resource or not.
- Specified by:
isAccessGranted
in interfaceACLProvider
- Overrides:
isAccessGranted
in classACLProviderImpl
- Parameters:
resource
- theResource
being accessed.identity
- theIdentity
trying to access the resource.permission
- the permissions needed to access the resource.- Returns:
true
if the identity has enough permissions to access the resource;false
otherwise.- Throws:
AuthorizationException
- if noACL
can be found for the specified resource.
-
getAllRoles
protected void getAllRoles(Role role, List<Role> roles)
This method traverses the role tree that has the specified root role and puts all simple (i.e. not an instance of RoleGroup) roles into the specified roles list.
- Parameters:
role
- the root of the role tree.roles
- theList<Role>
that contains the simple roles of the tree.
-
-