Class HibernateAclImpl

  • All Implemented Interfaces:
    HibernateAcl, Serializable, org.acegisecurity.acls.Acl, org.acegisecurity.acls.AuditableAcl, org.acegisecurity.acls.MutableAcl, org.acegisecurity.acls.OwnershipAcl

    @Entity
    public class HibernateAclImpl
    extends Object
    implements org.acegisecurity.acls.Acl, org.acegisecurity.acls.MutableAcl, org.acegisecurity.acls.AuditableAcl, org.acegisecurity.acls.OwnershipAcl, HibernateAcl
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors 
      Constructor Description
      HibernateAclImpl()
      No-argument constructor for use by reflection-based persistence tools along with field-level access.
      HibernateAclImpl​(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, @Nullable org.acegisecurity.acls.Acl parentAcl, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner)
      Instantiation of type properties - to be used when creating via MutableAclService.createAcl(ObjectIdentity)
      HibernateAclImpl​(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
      Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).
      HibernateAclImpl​(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy, @Nullable org.acegisecurity.acls.Acl parentAcl, @Nullable org.acegisecurity.acls.sid.Sid[] loadedSids, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner)
      Full constructor, which should be used by persistence tools that do not provide field-level access features.
    • Constructor Detail

      • HibernateAclImpl

        public HibernateAclImpl​(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                                Serializable id,
                                org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
        Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).
        Parameters:
        objectIdentity - the object identity this ACL relates to (required)
        id - the primary key assigned to this ACL (required)
        aclAuthorizationStrategy - authorization strategy (required)
      • HibernateAclImpl

        public HibernateAclImpl​(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                                Serializable id,
                                org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy,
                                @Nullable org.acegisecurity.acls.Acl parentAcl,
                                @Nullable org.acegisecurity.acls.sid.Sid[] loadedSids,
                                boolean entriesInheriting,
                                org.acegisecurity.acls.sid.Sid owner)
        Full constructor, which should be used by persistence tools that do not provide field-level access features.
        Parameters:
        objectIdentity - the object identity this ACL relates to (required)
        id - the primary key assigned to this ACL (required)
        aclAuthorizationStrategy - authorization strategy (required)
        parentAcl - the parent (may be null)
        loadedSids - the loaded SIDs if only a subset were loaded (may be null)
        entriesInheriting - if ACEs from the parent should inherit into this ACL
        owner - the owner (required)
      • HibernateAclImpl

        public HibernateAclImpl()
        No-argument constructor for use by reflection-based persistence tools along with field-level access.
      • HibernateAclImpl

        public HibernateAclImpl​(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity,
                                @Nullable org.acegisecurity.acls.Acl parentAcl,
                                boolean entriesInheriting,
                                org.acegisecurity.acls.sid.Sid owner)
        Instantiation of type properties - to be used when creating via MutableAclService.createAcl(ObjectIdentity)
        Parameters:
        parentAcl -
        objectIdentity -
        owner -
        entriesInheriting -
    • Method Detail

      • deleteAce

        public void deleteAce​(Serializable aceId)
                       throws org.acegisecurity.acls.NotFoundException
        Specified by:
        deleteAce in interface org.acegisecurity.acls.MutableAcl
        Throws:
        org.acegisecurity.acls.NotFoundException
      • getEntries

        public org.acegisecurity.acls.AccessControlEntry[] getEntries()
        Specified by:
        getEntries in interface org.acegisecurity.acls.Acl
        Specified by:
        getEntries in interface org.acegisecurity.acls.MutableAcl
      • getId

        public Serializable getId()
        Specified by:
        getId in interface org.acegisecurity.acls.MutableAcl
      • getObjectIdentity

        public org.acegisecurity.acls.objectidentity.ObjectIdentity getObjectIdentity()
        Specified by:
        getObjectIdentity in interface org.acegisecurity.acls.Acl
      • getOwner

        public org.acegisecurity.acls.sid.Sid getOwner()
        Specified by:
        getOwner in interface org.acegisecurity.acls.Acl
      • getParentAcl

        public @Nullable org.acegisecurity.acls.Acl getParentAcl()
        Specified by:
        getParentAcl in interface org.acegisecurity.acls.Acl
      • insertAce

        public void insertAce​(@Nullable Serializable afterAceId,
                              org.acegisecurity.acls.Permission permission,
                              org.acegisecurity.acls.sid.Sid sid,
                              boolean granting)
                       throws org.acegisecurity.acls.NotFoundException
        Specified by:
        insertAce in interface org.acegisecurity.acls.MutableAcl
        Throws:
        org.acegisecurity.acls.NotFoundException
      • isEntriesInheriting

        public boolean isEntriesInheriting()
        Specified by:
        isEntriesInheriting in interface org.acegisecurity.acls.Acl
      • isGranted

        public boolean isGranted​(org.acegisecurity.acls.Permission[] permission,
                                 org.acegisecurity.acls.sid.Sid[] sids,
                                 boolean administrativeMode)
                          throws org.acegisecurity.acls.NotFoundException,
                                 org.acegisecurity.acls.UnloadedSidException
        Determines authorization. The order of the permission and sid arguments is extremely important! The method will iterate through each of the permissions in the order specified. For each iteration, all of the sids will be considered, again in the order they are presented. A search will then be performed for the first AccessControlEntry object that directly matches that permission:sid combination.

        When the first full match is found (i.e. an ACE that has the SID currently being searched for and the exact permission bit mask being searched for), the grant or deny flag for that ACE will prevail. If the ACE specifies to grant access, the method will return true. If the ACE specifies to deny access, the loop will stop and the next permission iteration will be performed. If each permission indicates to deny access, the first deny ACE found will be considered the reason for the failure (as it was the first match found, and is therefore the one most logically requiring changes - although not always).

        If absolutely no matching ACE was found at all for any permission, the parent ACL will be tried (provided that there is a parent and isEntriesInheriting() is true). The parent ACL will also scan its parent and so on. If ultimately no matching ACE is found, a NotFoundException will be thrown and the caller will need to decide how to handle the permission check. Similarly, if any of the SID arguments presented to the method were not loaded by the ACL, UnloadedSidException will be thrown.
        Specified by:
        isGranted in interface org.acegisecurity.acls.Acl
        Parameters:
        permission - the exact permissions to scan for (order is important)
        sids - the exact SIDs to scan for (order is important)
        administrativeMode - if true denotes the query is for administrative purposes and no auditing will be undertaken
        Returns:
        true if one of the permissions has been granted, false if one of the permissions has been specifically revoked
        Throws:
        org.acegisecurity.acls.NotFoundException - if an exact ACE for one of the permission bit masks and SID combination could not be found
        org.acegisecurity.acls.UnloadedSidException - if the passed SIDs are unknown to this ACL because the ACL was only loaded for a subset of SIDs
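
The scan order documented for isGranted above, modelled as an added example (not code from this class or from acegisecurity) to show why argument order changes the decision. Ace, ModelAcl, string SIDs and the int mask are hypothetical stand-ins; auditing and UnloadedSidException are left out, and NoSuchElementException stands in for NotFoundException.

```java
import java.util.*;

// Added illustration: Ace and ModelAcl are hypothetical stand-ins, not acegisecurity types.
public class IsGrantedOrderDemo {
    static final int READ = 1; // constructed permission bit mask

    static final class Ace {
        final String sid; final int mask; final boolean granting;
        Ace(String sid, int mask, boolean granting) { this.sid = sid; this.mask = mask; this.granting = granting; }
    }

    static final class ModelAcl {
        final List<Ace> aces = new ArrayList<>();
        final ModelAcl parent; final boolean entriesInheriting;
        ModelAcl(ModelAcl parent, boolean entriesInheriting) {
            this.parent = parent; this.entriesInheriting = entriesInheriting;
        }

        boolean isGranted(int[] permissions, String[] sids) {
            boolean denied = false;
            for (int mask : permissions) {             // permissions in caller order
                search:
                for (String sid : sids) {              // SIDs in caller order
                    for (Ace ace : aces) {             // first exact mask + SID match
                        if (ace.mask != mask || !ace.sid.equals(sid)) continue;
                        if (ace.granting) return true; // grant ends the whole check
                        denied = true;                 // deny ends this permission only
                        break search;
                    }
                }
            }
            if (denied) return false;
            if (parent != null && entriesInheriting) return parent.isGranted(permissions, sids);
            throw new NoSuchElementException("no matching ACE"); // models NotFoundException
        }
    }

    public static void main(String[] args) {
        ModelAcl folder = new ModelAcl(null, false);
        folder.aces.add(new Ace("ROLE_STAFF", READ, true));
        ModelAcl doc = new ModelAcl(folder, true);
        doc.aces.add(new Ace("alice", READ, false));     // explicit deny for one user
        doc.aces.add(new Ace("ROLE_STAFF", READ, true)); // grant for her role
        int[] read = {READ};
        // Same ACL and SIDs; only the SID order differs between these two calls.
        System.out.println(doc.isGranted(read, new String[] {"alice", "ROLE_STAFF"}));
        System.out.println(doc.isGranted(read, new String[] {"ROLE_STAFF", "alice"}));
        // No ACE on the child: the decision comes from the inheriting parent.
        System.out.println(new ModelAcl(folder, true).isGranted(read, new String[] {"ROLE_STAFF"}));
    }
}
```

With the principal SID listed first, the user-level deny ACE is the first match and the check fails; with the role SID first, the role grant returns before the deny is examined. Callers that rely on per-user denies need to build the sids array with the most specific SID first.
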
      • isSidLoaded

        public boolean isSidLoaded​(org.acegisecurity.acls.sid.Sid[] sids)
        Specified by:
        isSidLoaded in interface org.acegisecurity.acls.Acl
      • setEntriesInheriting

        public void setEntriesInheriting​(boolean entriesInheriting)
        Specified by:
        setEntriesInheriting in interface org.acegisecurity.acls.MutableAcl
      • setOwner

        public void setOwner​(org.acegisecurity.acls.sid.Sid newOwner)
        Specified by:
        setOwner in interface org.acegisecurity.acls.OwnershipAcl
      • setParent

        public void setParent​(org.acegisecurity.acls.MutableAcl newParent)
      • updateAce

        public void updateAce​(Serializable aceId,
                              org.acegisecurity.acls.Permission permission)
                       throws org.acegisecurity.acls.NotFoundException
        Specified by:
        updateAce in interface org.acegisecurity.acls.MutableAcl
        Throws:
        org.acegisecurity.acls.NotFoundException
      • updateAuditing

        public void updateAuditing​(Serializable aceId,
                                   boolean auditSuccess,
                                   boolean auditFailure)
        Specified by:
        updateAuditing in interface org.acegisecurity.acls.AuditableAcl
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • setParentAcl

        public void setParentAcl​(org.acegisecurity.acls.Acl parentAcl)
      • setParent

        public void setParent​(org.acegisecurity.acls.Acl newParent)
        Specified by:
        setParent in interface org.acegisecurity.acls.MutableAcl
      • setAclAuthorizationStrategy

        public void setAclAuthorizationStrategy​(org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
      • getAces

        public List<org.acegisecurity.acls.AccessControlEntry> getAces()
      • setObjectIdentity

        public void setObjectIdentity​(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity)
        Specified by:
        setObjectIdentity in interface HibernateAcl