com.atlassian.bamboo.security.acegi.acls

Class HibernateAclImpl

java.lang.Object

com.atlassian.bamboo.security.acegi.acls.HibernateAclImpl

All Implemented Interfaces:

HibernateAcl, Serializable, org.acegisecurity.acls.Acl, org.acegisecurity.acls.AuditableAcl, org.acegisecurity.acls.MutableAcl, org.acegisecurity.acls.OwnershipAcl

@Entity
public class HibernateAclImpl
extends Object
implements org.acegisecurity.acls.Acl, org.acegisecurity.acls.MutableAcl, org.acegisecurity.acls.AuditableAcl, org.acegisecurity.acls.OwnershipAcl, HibernateAcl

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
HibernateAclImpl() No-argument constructor for use by reflection-based persistence tools along with field-level access.
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, org.acegisecurity.acls.Acl parentAcl, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner) Instantiation of type properties - to be used when creating via MutableAclService.createAcl(ObjectIdentity)
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy) Minimal constructor, which should be used MutableAclService.createAcl(ObjectIdentity).
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy, org.acegisecurity.acls.Acl parentAcl, org.acegisecurity.acls.sid.Sid[] loadedSids, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner) Full constructor, which should be used by persistence tools that do not provide field-level access features.

Method Summary

Modifier and Type	Method and Description
void	deleteAce(Serializable aceId)
boolean	equals(Object o)
List<org.acegisecurity.acls.AccessControlEntry>	getAces()
org.acegisecurity.acls.AccessControlEntry[]	getEntries()
Serializable	getId()
org.acegisecurity.acls.objectidentity.ObjectIdentity	getObjectIdentity()
org.acegisecurity.acls.sid.Sid	getOwner()
org.acegisecurity.acls.Acl	getParentAcl()
int	hashCode()
void	insertAce(Serializable afterAceId, org.acegisecurity.acls.Permission permission, org.acegisecurity.acls.sid.Sid sid, boolean granting)
boolean	isEntriesInheriting()
boolean	isGranted(org.acegisecurity.acls.Permission[] permission, org.acegisecurity.acls.sid.Sid[] sids, boolean administrativeMode) Determines authorization.
boolean	isSidLoaded(org.acegisecurity.acls.sid.Sid[] sids)
void	setAclAuthorizationStrategy(org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
void	setEntriesInheriting(boolean entriesInheriting)
void	setId(Serializable id)
void	setObjectIdentity(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity)
void	setOwner(org.acegisecurity.acls.sid.Sid newOwner)
void	setParent(org.acegisecurity.acls.Acl newParent)
void	setParent(org.acegisecurity.acls.MutableAcl newParent)
void	setParentAcl(org.acegisecurity.acls.Acl parentAcl)
String	toString()
void	updateAce(Serializable aceId, org.acegisecurity.acls.Permission permission)
void	updateAuditing(Serializable aceId, boolean auditSuccess, boolean auditFailure)

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

HibernateAclImpl

public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                        Serializable id,
                        org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)

Minimal constructor, which should be used MutableAclService.createAcl(ObjectIdentity).

Parameters:

objectIdentity - the object identity this ACL relates to (required)

id - the primary key assigned to this ACL (required)

aclAuthorizationStrategy - authorization strategy (required)

HibernateAclImpl

public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                        Serializable id,
                        org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy,
                        @Nullable
                        org.acegisecurity.acls.Acl parentAcl,
                        @Nullable
                        org.acegisecurity.acls.sid.Sid[] loadedSids,
                        boolean entriesInheriting,
                        org.acegisecurity.acls.sid.Sid owner)

Full constructor, which should be used by persistence tools that do not provide field-level access features.

Parameters:

objectIdentity - the object identity this ACL relates to (required)

id - the primary key assigned to this ACL (required)

aclAuthorizationStrategy - authorization strategy (required)

parentAcl - the parent (may be null)

loadedSids - the loaded SIDs if only a subset were loaded (may be null)

entriesInheriting - if ACEs from the parent should inherit into this ACL

owner - the owner (required)

HibernateAclImpl

public HibernateAclImpl()

No-argument constructor for use by reflection-based persistence tools along with field-level access.

HibernateAclImpl

public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                        @Nullable
                        org.acegisecurity.acls.Acl parentAcl,
                        boolean entriesInheriting,
                        org.acegisecurity.acls.sid.Sid owner)

Instantiation of type properties - to be used when creating via MutableAclService.createAcl(ObjectIdentity)

Parameters:

parentAcl -

objectIdentity -

owner -

entriesInheriting -

Method Detail

deleteAce

public void deleteAce(Serializable aceId)
               throws org.acegisecurity.acls.NotFoundException

Specified by:

deleteAce in interface org.acegisecurity.acls.MutableAcl

Throws:

org.acegisecurity.acls.NotFoundException

getEntries

public org.acegisecurity.acls.AccessControlEntry[] getEntries()

Specified by:

getEntries in interface org.acegisecurity.acls.Acl

Specified by:

getEntries in interface org.acegisecurity.acls.MutableAcl

getId

public Serializable getId()

Specified by:

getId in interface org.acegisecurity.acls.MutableAcl

getObjectIdentity

public org.acegisecurity.acls.objectidentity.ObjectIdentity getObjectIdentity()

Specified by:

getObjectIdentity in interface org.acegisecurity.acls.Acl

getOwner

public org.acegisecurity.acls.sid.Sid getOwner()

Specified by:

getOwner in interface org.acegisecurity.acls.Acl

getParentAcl

@Nullable
public org.acegisecurity.acls.Acl getParentAcl()

Specified by:

getParentAcl in interface org.acegisecurity.acls.Acl

insertAce

public void insertAce(@Nullable
                      Serializable afterAceId,
                      org.acegisecurity.acls.Permission permission,
                      org.acegisecurity.acls.sid.Sid sid,
                      boolean granting)
               throws org.acegisecurity.acls.NotFoundException

Specified by:

insertAce in interface org.acegisecurity.acls.MutableAcl

Throws:

org.acegisecurity.acls.NotFoundException

isEntriesInheriting

public boolean isEntriesInheriting()

Specified by:

isEntriesInheriting in interface org.acegisecurity.acls.Acl

isGranted

public boolean isGranted(org.acegisecurity.acls.Permission[] permission,
                         org.acegisecurity.acls.sid.Sid[] sids,
                         boolean administrativeMode)
                  throws org.acegisecurity.acls.NotFoundException,
                         org.acegisecurity.acls.UnloadedSidException

Determines authorization. The order of the permission and sid arguments is extremely important! The method will iterate through each of the permissions in the order specified. For each iteration, all of the sids will be considered, again in the order they are presented. A search will then be performed for the first AccessControlEntry object that directly matches that permission:sid combination. When the first full match is found (ie an ACE that has the SID currently being searched for and the exact permission bit mask being search for), the grant or deny flag for that ACE will prevail. If the ACE specifies to grant access, the method will return true. If the ACE specifies to deny access, the loop will stop and the next permission iteration will be performed. If each permission indicates to deny access, the first deny ACE found will be considered the reason for the failure (as it was the first match found, and is therefore the one most logically requiring changes - although not always). If absolutely no matching ACE was found at all for any permission, the parent ACL will be tried (provided that there is a parent and isEntriesInheriting() is true. The parent ACL will also scan its parent and so on. If ultimately no matching ACE is found, a NotFoundException will be thrown and the caller will need to decide how to handle the permission check. Similarly, if any of the SID arguments presented to the method were not loaded by the ACL, UnloadedSidException will be thrown.

Specified by:

isGranted in interface org.acegisecurity.acls.Acl

Parameters:

permission - the exact permissions to scan for (order is important)

sids - the exact SIDs to scan for (order is important)

administrativeMode - if true denotes the query is for administrative purposes and no auditing will be undertaken

Returns:

true if one of the permissions has been granted, false if one of the permissions has been specifically revoked

Throws:

org.acegisecurity.acls.NotFoundException - if an exact ACE for one of the permission bit masks and SID combination could not be found

org.acegisecurity.acls.UnloadedSidException - if the passed SIDs are unknown to this ACL because the ACL was only loaded for a subset of SIDs

isSidLoaded

public boolean isSidLoaded(org.acegisecurity.acls.sid.Sid[] sids)

Specified by:

isSidLoaded in interface org.acegisecurity.acls.Acl

setEntriesInheriting

public void setEntriesInheriting(boolean entriesInheriting)

Specified by:

setEntriesInheriting in interface org.acegisecurity.acls.MutableAcl

setOwner

public void setOwner(org.acegisecurity.acls.sid.Sid newOwner)

Specified by:

setOwner in interface org.acegisecurity.acls.OwnershipAcl

setParent

public void setParent(org.acegisecurity.acls.MutableAcl newParent)

toString

public String toString()

Overrides:

toString in class Object

updateAce

public void updateAce(Serializable aceId,
                      org.acegisecurity.acls.Permission permission)
               throws org.acegisecurity.acls.NotFoundException

Specified by:

updateAce in interface org.acegisecurity.acls.MutableAcl

Throws:

org.acegisecurity.acls.NotFoundException

updateAuditing

public void updateAuditing(Serializable aceId,
                           boolean auditSuccess,
                           boolean auditFailure)

Specified by:

updateAuditing in interface org.acegisecurity.acls.AuditableAcl

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object o)

Overrides:

equals in class Object

setParentAcl

public void setParentAcl(org.acegisecurity.acls.Acl parentAcl)

setParent

public void setParent(org.acegisecurity.acls.Acl newParent)

Specified by:

setParent in interface org.acegisecurity.acls.MutableAcl

setAclAuthorizationStrategy

public void setAclAuthorizationStrategy(org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)

getAces

public List<org.acegisecurity.acls.AccessControlEntry> getAces()

setObjectIdentity

public void setObjectIdentity(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity)

Specified by:

setObjectIdentity in interface HibernateAcl

setId

public void setId(Serializable id)