com.atlassian.bamboo.security.acegi.acls
Class HibernateAclImpl

java.lang.Object
  extended by com.atlassian.bamboo.security.acegi.acls.HibernateAclImpl
All Implemented Interfaces:
HibernateAcl, java.io.Serializable, org.acegisecurity.acls.Acl, org.acegisecurity.acls.AuditableAcl, org.acegisecurity.acls.MutableAcl, org.acegisecurity.acls.OwnershipAcl

public class HibernateAclImpl
extends java.lang.Object
implements org.acegisecurity.acls.Acl, org.acegisecurity.acls.MutableAcl, org.acegisecurity.acls.AuditableAcl, org.acegisecurity.acls.OwnershipAcl, HibernateAcl

See Also:
Serialized Form

Constructor Summary
HibernateAclImpl()
          No-argument constructor for use by reflection-based persistence tools along with field-level access.
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, org.acegisecurity.acls.Acl parentAcl, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner)
          Instantiation of type properties - to be used when creating via MutableAclService.createAcl(ObjectIdentity)
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, java.io.Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
          Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, java.io.Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy, org.acegisecurity.acls.Acl parentAcl, org.acegisecurity.acls.sid.Sid[] loadedSids, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner)
          Full constructor, which should be used by persistence tools that do not provide field-level access features.
 
Method Summary
 void deleteAce(java.io.Serializable aceId)
           
 boolean equals(java.lang.Object o)
           
 java.util.List getAces()
           
 org.acegisecurity.acls.AccessControlEntry[] getEntries()
           
 java.io.Serializable getId()
           
 org.acegisecurity.acls.objectidentity.ObjectIdentity getObjectIdentity()
           
 org.acegisecurity.acls.sid.Sid getOwner()
           
 org.acegisecurity.acls.Acl getParentAcl()
           
 int hashCode()
           
 void insertAce(java.io.Serializable afterAceId, org.acegisecurity.acls.Permission permission, org.acegisecurity.acls.sid.Sid sid, boolean granting)
           
 boolean isEntriesInheriting()
           
 boolean isGranted(org.acegisecurity.acls.Permission[] permission, org.acegisecurity.acls.sid.Sid[] sids, boolean administrativeMode)
          Determines authorization.
 boolean isSidLoaded(org.acegisecurity.acls.sid.Sid[] sids)
           
 void setAces(java.util.List aces)
           
 void setAclAuthorizationStrategy(org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
           
 void setEntriesInheriting(boolean entriesInheriting)
           
 void setId(java.io.Serializable id)
           
 void setObjectIdentity(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity)
           
 void setOwner(org.acegisecurity.acls.sid.Sid newOwner)
           
 void setParent(org.acegisecurity.acls.Acl newParent)
           
 void setParent(org.acegisecurity.acls.MutableAcl newParent)
           
 void setParentAcl(org.acegisecurity.acls.Acl parentAcl)
           
 java.lang.String toString()
           
 void updateAce(java.io.Serializable aceId, org.acegisecurity.acls.Permission permission)
           
 void updateAuditing(java.io.Serializable aceId, boolean auditSuccess, boolean auditFailure)
           
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

HibernateAclImpl

public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                        java.io.Serializable id,
                        org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).

Parameters:
objectIdentity - the object identity this ACL relates to (required)
id - the primary key assigned to this ACL (required)
aclAuthorizationStrategy - authorization strategy (required)
auditLogger - audit logger (required)

HibernateAclImpl

public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                        java.io.Serializable id,
                        org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy,
                        org.acegisecurity.acls.Acl parentAcl,
                        org.acegisecurity.acls.sid.Sid[] loadedSids,
                        boolean entriesInheriting,
                        org.acegisecurity.acls.sid.Sid owner)
Full constructor, which should be used by persistence tools that do not provide field-level access features.

Parameters:
objectIdentity - the object identity this ACL relates to (required)
id - the primary key assigned to this ACL (required)
aclAuthorizationStrategy - authorization strategy (required)
auditLogger - audit logger (required)
parentAcl - the parent (may be null)
loadedSids - the loaded SIDs if only a subset were loaded (may be null)
entriesInheriting - if ACEs from the parent should inherit into this ACL
owner - the owner (required)

HibernateAclImpl

public HibernateAclImpl()
No-argument constructor for use by reflection-based persistence tools along with field-level access.


HibernateAclImpl

public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                        org.acegisecurity.acls.Acl parentAcl,
                        boolean entriesInheriting,
                        org.acegisecurity.acls.sid.Sid owner)
Instantiation of type properties - to be used when creating via MutableAclService.createAcl(ObjectIdentity)

Parameters:
parentAcl -
objectIdentity -
owner -
entriesInheriting -

Method Detail

deleteAce

public void deleteAce(java.io.Serializable aceId)
               throws org.acegisecurity.acls.NotFoundException
Specified by:
deleteAce in interface org.acegisecurity.acls.MutableAcl
Throws:
org.acegisecurity.acls.NotFoundException

getEntries

public org.acegisecurity.acls.AccessControlEntry[] getEntries()
Specified by:
getEntries in interface org.acegisecurity.acls.Acl
Specified by:
getEntries in interface org.acegisecurity.acls.MutableAcl

getId

public java.io.Serializable getId()
Specified by:
getId in interface org.acegisecurity.acls.MutableAcl

getObjectIdentity

public org.acegisecurity.acls.objectidentity.ObjectIdentity getObjectIdentity()
Specified by:
getObjectIdentity in interface org.acegisecurity.acls.Acl

getOwner

public org.acegisecurity.acls.sid.Sid getOwner()
Specified by:
getOwner in interface org.acegisecurity.acls.Acl

getParentAcl

public org.acegisecurity.acls.Acl getParentAcl()
Specified by:
getParentAcl in interface org.acegisecurity.acls.Acl

insertAce

public void insertAce(java.io.Serializable afterAceId,
                      org.acegisecurity.acls.Permission permission,
                      org.acegisecurity.acls.sid.Sid sid,
                      boolean granting)
               throws org.acegisecurity.acls.NotFoundException
Specified by:
insertAce in interface org.acegisecurity.acls.MutableAcl
Throws:
org.acegisecurity.acls.NotFoundException

isEntriesInheriting

public boolean isEntriesInheriting()
Specified by:
isEntriesInheriting in interface org.acegisecurity.acls.Acl

isGranted

public boolean isGranted(org.acegisecurity.acls.Permission[] permission,
                         org.acegisecurity.acls.sid.Sid[] sids,
                         boolean administrativeMode)
                  throws org.acegisecurity.acls.NotFoundException,
                         org.acegisecurity.acls.UnloadedSidException
Determines authorization. The order of the permission and sid arguments is extremely important! The method will iterate through each of the permissions in the order specified. For each iteration, all of the sids will be considered, again in the order they are presented. A search will then be performed for the first AccessControlEntry object that directly matches that permission:sid combination. When the first full match is found (i.e. an ACE that has the SID currently being searched for and the exact permission bit mask being searched for), the grant or deny flag for that ACE will prevail. If the ACE specifies to grant access, the method will return true. If the ACE specifies to deny access, the loop will stop and the next permission iteration will be performed. If each permission indicates to deny access, the first deny ACE found will be considered the reason for the failure (as it was the first match found, and is therefore the one most logically requiring changes - although not always).

If absolutely no matching ACE was found at all for any permission, the parent ACL will be tried (provided that there is a parent and isEntriesInheriting() is true). The parent ACL will also scan its parent and so on. If ultimately no matching ACE is found, a NotFoundException will be thrown and the caller will need to decide how to handle the permission check. Similarly, if any of the SID arguments presented to the method were not loaded by the ACL, UnloadedSidException will be thrown.

Specified by:
isGranted in interface org.acegisecurity.acls.Acl
Parameters:
permission - the exact permissions to scan for (order is important)
sids - the exact SIDs to scan for (order is important)
administrativeMode - if true denotes the query is for administrative purposes and no auditing will be undertaken
Returns:
true if one of the permissions has been granted, false if one of the permissions has been specifically revoked
Throws:
org.acegisecurity.acls.NotFoundException - if an exact ACE for one of the permission bit masks and SID combination could not be found
org.acegisecurity.acls.UnloadedSidException - if the passed SIDs are unknown to this ACL because the ACL was only loaded for a subset of SIDs
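The lookup order documented for isGranted, as an added stand-alone example; it is not Atlassian or Acegi code. The types Ace, Acl and NotFound, the mask values and the SID names are hypothetical stand-ins, and auditing and the UnloadedSidException check are left out.

```java
import java.util.List;

// Model of the documented isGranted() lookup order. Every type here is a
// hypothetical stand-in for the org.acegisecurity classes. Requires Java 16+.
public class AclOrderDemo {
    static final int READ = 1, WRITE = 2;                 // constructed permission masks
    record Ace(String sid, int mask, boolean granting) {}
    static class NotFound extends RuntimeException {}     // stands in for NotFoundException

    record Acl(List<Ace> aces, Acl parent, boolean entriesInheriting) {
        boolean isGranted(int[] permissions, String[] sids) {
            Ace firstDeny = null;
            for (int mask : permissions) {                // permissions, in caller order
                nextPermission:
                for (String sid : sids) {                 // SIDs, in caller order
                    for (Ace ace : aces) {                // first exact mask + SID match wins
                        if (ace.mask() != mask || !ace.sid().equals(sid)) continue;
                        if (ace.granting()) return true;
                        if (firstDeny == null) firstDeny = ace;
                        break nextPermission;             // deny: go to the next permission
                    }
                }
            }
            if (firstDeny != null) return false;          // matched, but only deny entries
            if (parent != null && entriesInheriting) return parent.isGranted(permissions, sids);
            throw new NotFound();                         // no match anywhere in the chain
        }
    }

    static String check(Acl acl, int[] permissions, String... sids) {
        try { return acl.isGranted(permissions, sids) ? "GRANTED" : "DENIED"; }
        catch (NotFound e) { return "NOT_FOUND"; }        // the caller decides what this means
    }

    public static void main(String[] args) {
        Acl project = new Acl(List.of(new Ace("ROLE_USER", READ, true)), null, false);
        Acl plan = new Acl(List.of(
                new Ace("alice", READ, false),            // explicit deny for the principal
                new Ace("ROLE_USER", READ, true)), project, true);
        Acl empty = new Acl(List.of(), project, true);
        // Principal SID first: the deny entry for "alice" is the first match.
        System.out.println(check(plan, new int[]{READ}, "alice", "ROLE_USER"));
        // Role SID first: the role grant matches before the deny is considered.
        System.out.println(check(plan, new int[]{READ}, "ROLE_USER", "alice"));
        // No local entries: the lookup is delegated to the inheriting parent.
        System.out.println(check(empty, new int[]{READ}, "alice", "ROLE_USER"));
        // No entry for WRITE in the whole chain: NotFound reaches the caller.
        System.out.println(check(empty, new int[]{WRITE}, "alice"));
    }
}
```

The first two calls query the same ACL with the same SIDs and differ only in SID order, which is why code that assembles the sids array decides whether an explicit per-user deny can be shadowed by a role grant.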

isSidLoaded

public boolean isSidLoaded(org.acegisecurity.acls.sid.Sid[] sids)
Specified by:
isSidLoaded in interface org.acegisecurity.acls.Acl

setEntriesInheriting

public void setEntriesInheriting(boolean entriesInheriting)
Specified by:
setEntriesInheriting in interface org.acegisecurity.acls.MutableAcl

setOwner

public void setOwner(org.acegisecurity.acls.sid.Sid newOwner)
Specified by:
setOwner in interface org.acegisecurity.acls.OwnershipAcl

setParent

public void setParent(org.acegisecurity.acls.MutableAcl newParent)

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

updateAce

public void updateAce(java.io.Serializable aceId,
                      org.acegisecurity.acls.Permission permission)
               throws org.acegisecurity.acls.NotFoundException
Specified by:
updateAce in interface org.acegisecurity.acls.MutableAcl
Throws:
org.acegisecurity.acls.NotFoundException

updateAuditing

public void updateAuditing(java.io.Serializable aceId,
                           boolean auditSuccess,
                           boolean auditFailure)
Specified by:
updateAuditing in interface org.acegisecurity.acls.AuditableAcl

hashCode

public int hashCode()
Overrides:
hashCode in class java.lang.Object

equals

public boolean equals(java.lang.Object o)
Overrides:
equals in class java.lang.Object

setParentAcl

public void setParentAcl(org.acegisecurity.acls.Acl parentAcl)

setParent

public void setParent(org.acegisecurity.acls.Acl newParent)
Specified by:
setParent in interface org.acegisecurity.acls.MutableAcl

setAclAuthorizationStrategy

public void setAclAuthorizationStrategy(org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)

setAces

public void setAces(java.util.List aces)

getAces

public java.util.List getAces()

setObjectIdentity

public void setObjectIdentity(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity)
Specified by:
setObjectIdentity in interface HibernateAcl

setId

public void setId(java.io.Serializable id)


Copyright © 2010 Atlassian. All Rights Reserved.