Class RoleBasedACLProviderImpl

  • All Implemented Interfaces:
    ACLProvider

    public class RoleBasedACLProviderImpl
    extends ACLProviderImpl

    Implementation of ACLProvider that uses the identity's roles when checking whether access to a protected resource should be granted. If no roles are associated with the specified identity, the default implementation, which is based on the identity name, is used. Otherwise, isAccessGranted iterates over the roles, and if one of the roles has sufficient permissions, access is granted.

    Author:
    Stefan Guilhen
    • Constructor Detail

      • RoleBasedACLProviderImpl

        public RoleBasedACLProviderImpl()
    • Method Detail

      • isAccessGranted

        public boolean isAccessGranted(Resource resource,
                                       Identity identity,
                                       ACLPermission permission)
                                throws AuthorizationException

        This method overrides the default implementation to use roles instead of the identity name when checking for permissions. If the specified identity has one or more roles associated with it, this implementation will use these roles to check if the identity should be granted access to the resource or not.

        Specified by:
        isAccessGranted in interface ACLProvider
        Overrides:
        isAccessGranted in class ACLProviderImpl
        Parameters:
        resource - the Resource being accessed.
        identity - the Identity trying to access the resource.
        permission - the permissions needed to access the resource.
        Returns:
        true if the identity has enough permissions to access the resource; false otherwise.
        Throws:
        AuthorizationException - if no ACL can be found for the specified resource.
      • getAllRoles

        protected void getAllRoles(Role role,
                                   List<Role> roles)

        This method traverses the role tree that has the specified root role and puts all simple (i.e. not an instance of RoleGroup) roles into the specified roles list.

        Parameters:
        role - the root of the role tree.
        roles - the List<Role> that contains the simple roles of the tree.
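
The decision flow described above (flatten the role tree into simple roles, grant if any one role is sufficient, fall back to the identity name only when there are no roles), as an added, self-contained model for Java 17+; it is not the project's code. The Role, SimpleRole and RoleGroup types, the bitmask ACL map and the IllegalStateException are hypothetical stand-ins for the library's own types.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Model only: Role, SimpleRole, RoleGroup and the bitmask ACL are hypothetical stand-ins.
public class RoleAclModel {
    interface Role { String name(); }
    record SimpleRole(String name) implements Role {}
    record RoleGroup(String name, List<Role> members) implements Role {}

    static final int READ = 1, UPDATE = 2, DELETE = 4;

    // Depth-first walk: groups are expanded, only simple roles are collected.
    static void getAllRoles(Role role, List<Role> roles) {
        if (role instanceof RoleGroup group) {
            for (Role member : group.members()) getAllRoles(member, roles);
        } else {
            roles.add(role);
        }
    }

    // True when the ACL entry for 'name' carries every bit in 'required'.
    static boolean entryGrants(Map<String, Integer> acl, String name, int required) {
        return (acl.getOrDefault(name, 0) & required) == required;
    }

    static boolean isAccessGranted(Map<String, Integer> acl, String identityName,
                                   Role rootRole, int required) {
        if (acl == null) throw new IllegalStateException("no ACL for resource");
        List<Role> roles = new ArrayList<>();
        if (rootRole != null) getAllRoles(rootRole, roles);
        // No roles: fall back to the name-based check.
        if (roles.isEmpty()) return entryGrants(acl, identityName, required);
        // Roles present: one role must be sufficient; the name entry is not consulted.
        for (Role r : roles) if (entryGrants(acl, r.name(), required)) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: a nested role tree and an ACL keyed by role or identity name.
        Role tree = new RoleGroup("Roles", List.of(new SimpleRole("staff"),
                new RoleGroup("ops", List.of(new SimpleRole("auditors")))));
        Map<String, Integer> acl = Map.of("staff", READ, "auditors", READ | UPDATE, "alice", DELETE);
        System.out.println(isAccessGranted(acl, "alice", tree, UPDATE)); // nested role carries UPDATE
        System.out.println(isAccessGranted(acl, "alice", tree, DELETE)); // only the name entry has DELETE
        System.out.println(isAccessGranted(acl, "alice", null, DELETE)); // no roles: name-based fallback
    }
}
```

When reviewing ACLs for a deployment that uses this provider, check entries keyed by identity name separately: per the description above, they are only consulted for identities that carry no roles.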