All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.acegisecurity.acl.basic.GrantedAuthorityEffectiveAclsResolver Maven / Gradle / Ivy

There is a newer version: 1.0.7
Show newest version
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.acl.basic;

import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;

import org.acegisecurity.acl.AclEntry;

import org.acegisecurity.userdetails.UserDetails;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.util.List;
import java.util.Vector;


/**
 * Simple implementation of {@link EffectiveAclsResolver}.

This implementation does not need to understand the * "recipient" types presented in a BasicAclEntry because it merely delegates to the detected {@link * Authentication#getPrincipal()} or {@link Authentication#getAuthorities()}. The principal object or granted * authorities object has its Object.equals(recipient) method called to make the decision as to whether * the recipient in the BasicAclEntry is the same as the principal or granted authority.

*

This class should prove an adequate ACLs resolver if you're using standard Acegi Security classes. This is * because the typical Authentication token is UsernamePasswordAuthenticationToken, which * for its principal is usually a String. The GrantedAuthorityImpl is typically * used for granted authorities, which tests for equality based on a String. This means * BasicAclDaos simply need to return a String to represent the recipient. If you use * non-String objects, you will probably require an alternative EffectiveAclsResolver.

* * @author Ben Alex * @version $Id: GrantedAuthorityEffectiveAclsResolver.java 1496 2006-05-23 13:38:33Z benalex $ */ public class GrantedAuthorityEffectiveAclsResolver implements EffectiveAclsResolver { //~ Static fields/initializers ===================================================================================== private static final Log logger = LogFactory.getLog(GrantedAuthorityEffectiveAclsResolver.class); //~ Methods ======================================================================================================== public AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy) { if ((allAcls == null) || (allAcls.length == 0)) { return null; } List list = new Vector(); if (logger.isDebugEnabled()) { logger.debug("Locating AclEntry[]s (from set of " + ((allAcls == null) ? 0 : allAcls.length) + ") that apply to Authentication: " + filteredBy); } for (int i = 0; i < allAcls.length; i++) { if (!(allAcls[i] instanceof BasicAclEntry)) { continue; } Object recipient = ((BasicAclEntry) allAcls[i]).getRecipient(); // Allow the Authentication's getPrincipal to decide whether // the presented recipient is "equal" (allows BasicAclDaos to // return Strings rather than proper objects in simple cases) if (filteredBy.getPrincipal().equals(recipient)) { if (logger.isDebugEnabled()) { logger.debug("Principal matches AclEntry recipient: " + recipient); } list.add(allAcls[i]); } else if (filteredBy.getPrincipal() instanceof UserDetails && ((UserDetails) filteredBy.getPrincipal()).getUsername().equals(recipient)) { if (logger.isDebugEnabled()) { logger.debug("Principal (from UserDetails) matches AclEntry recipient: " + recipient); } list.add(allAcls[i]); } else { // No direct match against principal; try each authority. // As with the principal, allow each of the Authentication's // granted authorities to decide whether the presented // recipient is "equal" GrantedAuthority[] authorities = filteredBy.getAuthorities(); if ((authorities == null) || (authorities.length == 0)) { if (logger.isDebugEnabled()) { logger.debug( "Did not match principal and there are no granted authorities, so cannot compare with recipient: " + recipient); } continue; } for (int k = 0; k < authorities.length; k++) { if (authorities[k].equals(recipient)) { if (logger.isDebugEnabled()) { logger.debug("GrantedAuthority: " + authorities[k] + " matches recipient: " + recipient); } list.add(allAcls[i]); } } } } // return null if appropriate (as per interface contract) if (list.size() > 0) { if (logger.isDebugEnabled()) { logger.debug("Returning effective AclEntry array with " + list.size() + " elements"); } return (BasicAclEntry[]) list.toArray(new BasicAclEntry[] {}); } else { if (logger.isDebugEnabled()) { logger.debug("Returning null AclEntry array as zero effective AclEntrys found"); } return null; } } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy