Class HibernateAclImpl
- java.lang.Object
-
- com.atlassian.bamboo.security.acegi.acls.HibernateAclImpl
-
- All Implemented Interfaces: HibernateAcl, Serializable, org.acegisecurity.acls.Acl, org.acegisecurity.acls.AuditableAcl, org.acegisecurity.acls.MutableAcl, org.acegisecurity.acls.OwnershipAcl
@Entity public class HibernateAclImpl extends Object implements org.acegisecurity.acls.Acl, org.acegisecurity.acls.MutableAcl, org.acegisecurity.acls.AuditableAcl, org.acegisecurity.acls.OwnershipAcl, HibernateAcl
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructor and Description
HibernateAclImpl()
No-argument constructor for use by reflection-based persistence tools along with field-level access.
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, @Nullable org.acegisecurity.acls.Acl parentAcl, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner)
Instantiation of type properties - to be used when creating via MutableAclService.createAcl(ObjectIdentity)
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).
HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy, @Nullable org.acegisecurity.acls.Acl parentAcl, @Nullable org.acegisecurity.acls.sid.Sid[] loadedSids, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner)
Full constructor, which should be used by persistence tools that do not provide field-level access features.
-
Method Summary
Modifier and Type, Method, Description
void deleteAce(Serializable aceId)
boolean equals(Object o)
List<org.acegisecurity.acls.AccessControlEntry> getAces()
org.acegisecurity.acls.AccessControlEntry[] getEntries()
Serializable getId()
org.acegisecurity.acls.objectidentity.ObjectIdentity getObjectIdentity()
org.acegisecurity.acls.sid.Sid getOwner()
@Nullable org.acegisecurity.acls.Acl getParentAcl()
int hashCode()
void insertAce(@Nullable Serializable afterAceId, org.acegisecurity.acls.Permission permission, org.acegisecurity.acls.sid.Sid sid, boolean granting)
boolean isEntriesInheriting()
boolean isGranted(org.acegisecurity.acls.Permission[] permission, org.acegisecurity.acls.sid.Sid[] sids, boolean administrativeMode) - Determines authorization.
boolean isSidLoaded(org.acegisecurity.acls.sid.Sid[] sids)
void setAclAuthorizationStrategy(org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
void setEntriesInheriting(boolean entriesInheriting)
void setId(Serializable id)
void setObjectIdentity(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity)
void setOwner(org.acegisecurity.acls.sid.Sid newOwner)
void setParent(org.acegisecurity.acls.Acl newParent)
void setParent(org.acegisecurity.acls.MutableAcl newParent)
void setParentAcl(org.acegisecurity.acls.Acl parentAcl)
String toString()
void updateAce(Serializable aceId, org.acegisecurity.acls.Permission permission)
void updateAuditing(Serializable aceId, boolean auditSuccess, boolean auditFailure)
-
-
-
Constructor Detail
-
HibernateAclImpl
public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
Minimal constructor, which should be used by MutableAclService.createAcl(ObjectIdentity).
- Parameters:
objectIdentity - the object identity this ACL relates to (required)
id - the primary key assigned to this ACL (required)
aclAuthorizationStrategy - authorization strategy (required)
-
HibernateAclImpl
public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, Serializable id, org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy, @Nullable org.acegisecurity.acls.Acl parentAcl, @Nullable org.acegisecurity.acls.sid.Sid[] loadedSids, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner)
Full constructor, which should be used by persistence tools that do not provide field-level access features.
- Parameters:
objectIdentity - the object identity this ACL relates to (required)
id - the primary key assigned to this ACL (required)
aclAuthorizationStrategy - authorization strategy (required)
parentAcl - the parent (may be null)
loadedSids - the loaded SIDs if only a subset were loaded (may be null)
entriesInheriting - if ACEs from the parent should inherit into this ACL
owner - the owner (required)
-
HibernateAclImpl
public HibernateAclImpl()
No-argument constructor for use by reflection-based persistence tools along with field-level access.
-
HibernateAclImpl
public HibernateAclImpl(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity, @Nullable org.acegisecurity.acls.Acl parentAcl, boolean entriesInheriting, org.acegisecurity.acls.sid.Sid owner)
Instantiation of type properties - to be used when creating via MutableAclService.createAcl(ObjectIdentity)
- Parameters:
parentAcl -
objectIdentity -
owner -
entriesInheriting -
-
-
Method Detail
-
deleteAce
public void deleteAce(Serializable aceId) throws org.acegisecurity.acls.NotFoundException
- Specified by: deleteAce in interface org.acegisecurity.acls.MutableAcl
- Throws:
org.acegisecurity.acls.NotFoundException
-
getEntries
public org.acegisecurity.acls.AccessControlEntry[] getEntries()
- Specified by: getEntries in interface org.acegisecurity.acls.Acl
- Specified by: getEntries in interface org.acegisecurity.acls.MutableAcl
-
getId
public Serializable getId()
- Specified by: getId in interface org.acegisecurity.acls.MutableAcl
-
getObjectIdentity
public org.acegisecurity.acls.objectidentity.ObjectIdentity getObjectIdentity()
- Specified by: getObjectIdentity in interface org.acegisecurity.acls.Acl
-
getOwner
public org.acegisecurity.acls.sid.Sid getOwner()
- Specified by: getOwner in interface org.acegisecurity.acls.Acl
-
getParentAcl
@Nullable public org.acegisecurity.acls.Acl getParentAcl()
- Specified by: getParentAcl in interface org.acegisecurity.acls.Acl
-
insertAce
public void insertAce(@Nullable Serializable afterAceId, org.acegisecurity.acls.Permission permission, org.acegisecurity.acls.sid.Sid sid, boolean granting) throws org.acegisecurity.acls.NotFoundException
- Specified by: insertAce in interface org.acegisecurity.acls.MutableAcl
- Throws:
org.acegisecurity.acls.NotFoundException
-
isEntriesInheriting
public boolean isEntriesInheriting()
- Specified by: isEntriesInheriting in interface org.acegisecurity.acls.Acl
-
isGranted
public boolean isGranted(org.acegisecurity.acls.Permission[] permission, org.acegisecurity.acls.sid.Sid[] sids, boolean administrativeMode) throws org.acegisecurity.acls.NotFoundException, org.acegisecurity.acls.UnloadedSidException
Determines authorization. The order of the permission and sid arguments is extremely important! The method will iterate through each of the permissions in the order specified. For each iteration, all of the sids will be considered, again in the order they are presented. A search will then be performed for the first AccessControlEntry object that directly matches that permission:sid combination. When the first full match is found (i.e. an ACE that has the SID currently being searched for and the exact permission bit mask being searched for), the grant or deny flag for that ACE will prevail. If the ACE specifies to grant access, the method will return true. If the ACE specifies to deny access, the loop will stop and the next permission iteration will be performed. If each permission indicates to deny access, the first deny ACE found will be considered the reason for the failure (as it was the first match found, and is therefore the one most logically requiring changes - although not always).
If absolutely no matching ACE was found at all for any permission, the parent ACL will be tried (provided that there is a parent and isEntriesInheriting() is true). The parent ACL will also scan its parent and so on. If ultimately no matching ACE is found, a NotFoundException will be thrown and the caller will need to decide how to handle the permission check. Similarly, if any of the SID arguments presented to the method were not loaded by the ACL, UnloadedSidException will be thrown.
- Specified by: isGranted in interface org.acegisecurity.acls.Acl
- Parameters:
permission - the exact permissions to scan for (order is important)
sids - the exact SIDs to scan for (order is important)
administrativeMode - if true denotes the query is for administrative purposes and no auditing will be undertaken
- Returns: true if one of the permissions has been granted, false if one of the permissions has been specifically revoked
- Throws:
org.acegisecurity.acls.NotFoundException - if an exact ACE for one of the permission bit masks and SID combination could not be found
org.acegisecurity.acls.UnloadedSidException - if the passed SIDs are unknown to this ACL because the ACL was only loaded for a subset of SIDs
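The search order described for isGranted, as an added standalone model (not Bamboo or Acegi source code). The names AclOrderDemo, Ace and Acl, the string SIDs and int masks are assumptions made for illustration; NoSuchElementException stands in for NotFoundException, and auditing, administrativeMode and UnloadedSidException are left out. Requires Java 16 or later for records.

```java
import java.util.List;
import java.util.NoSuchElementException;

// Standalone model of the documented isGranted search order (hypothetical types).
public class AclOrderDemo {
    record Ace(String sid, int mask, boolean granting) {}

    record Acl(List<Ace> aces, Acl parent, boolean entriesInheriting) {
        boolean isGranted(int[] permissions, String[] sids) {
            boolean denied = false;
            for (int p : permissions) {              // permissions in caller order
                Ace hit = firstMatch(p, sids);
                if (hit == null) continue;           // nothing matched this permission
                if (hit.granting()) return true;     // first full match grants
                denied = true;                       // deny: go to the next permission
            }
            if (denied) return false;                // every matched permission was denied
            if (parent != null && entriesInheriting) return parent.isGranted(permissions, sids);
            throw new NoSuchElementException("no matching ACE"); // models NotFoundException
        }

        private Ace firstMatch(int p, String[] sids) {
            for (String s : sids)                    // SIDs in caller order
                for (Ace a : aces)                   // ACEs in stored order
                    if (a.sid().equals(s) && a.mask() == p) return a; // exact mask, no bit test
            return null;
        }
    }

    static final int READ = 1, WRITE = 2;

    public static void main(String[] args) {
        // Constructed sample data: a parent ACL and a child ACL that inherits from it.
        Acl project = new Acl(List.of(new Ace("ROLE_USER", READ, true)), null, false);
        Acl plan = new Acl(List.of(
                new Ace("alice", READ, false),       // explicit deny for the user
                new Ace("ROLE_DEV", READ, true),     // grant for her group
                new Ace("ROLE_DEV", READ | WRITE, true)), project, true);

        // Same ACL, same SIDs: only the SID order differs between the first two calls.
        System.out.println(plan.isGranted(new int[]{READ}, new String[]{"alice", "ROLE_DEV"}));
        System.out.println(plan.isGranted(new int[]{READ}, new String[]{"ROLE_DEV", "alice"}));
        // No ACE on the child, so the inheriting parent is consulted.
        System.out.println(plan.isGranted(new int[]{READ}, new String[]{"ROLE_USER"}));
        try { // WRITE alone matches nothing: the READ|WRITE entry is a different mask
            plan.isGranted(new int[]{WRITE}, new String[]{"ROLE_DEV"});
        } catch (NoSuchElementException e) {
            System.out.println("not found: the caller decides, and should fail closed");
        }
    }
}
```

In this model a user-level deny only takes precedence over a group grant when the caller lists the user SID before the group SID, so code that builds the SID array is part of the authorization decision.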
-
isSidLoaded
public boolean isSidLoaded(org.acegisecurity.acls.sid.Sid[] sids)
- Specified by: isSidLoaded in interface org.acegisecurity.acls.Acl
-
setEntriesInheriting
public void setEntriesInheriting(boolean entriesInheriting)
- Specified by: setEntriesInheriting in interface org.acegisecurity.acls.MutableAcl
-
setOwner
public void setOwner(org.acegisecurity.acls.sid.Sid newOwner)
- Specified by: setOwner in interface org.acegisecurity.acls.OwnershipAcl
-
setParent
public void setParent(org.acegisecurity.acls.MutableAcl newParent)
-
updateAce
public void updateAce(Serializable aceId, org.acegisecurity.acls.Permission permission) throws org.acegisecurity.acls.NotFoundException
- Specified by: updateAce in interface org.acegisecurity.acls.MutableAcl
- Throws:
org.acegisecurity.acls.NotFoundException
-
updateAuditing
public void updateAuditing(Serializable aceId, boolean auditSuccess, boolean auditFailure)
- Specified by: updateAuditing in interface org.acegisecurity.acls.AuditableAcl
-
setParentAcl
public void setParentAcl(org.acegisecurity.acls.Acl parentAcl)
-
setParent
public void setParent(org.acegisecurity.acls.Acl newParent)
- Specified by: setParent in interface org.acegisecurity.acls.MutableAcl
-
setAclAuthorizationStrategy
public void setAclAuthorizationStrategy(org.acegisecurity.acls.domain.AclAuthorizationStrategy aclAuthorizationStrategy)
-
getAces
public List<org.acegisecurity.acls.AccessControlEntry> getAces()
-
setObjectIdentity
public void setObjectIdentity(org.acegisecurity.acls.objectidentity.ObjectIdentity objectIdentity)
- Specified by: setObjectIdentity in interface HibernateAcl
-
setId
public void setId(Serializable id)
-
-