001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.afterinvocation;
017:
018: import org.acegisecurity.Authentication;
019: import org.acegisecurity.ConfigAttribute;
020:
021: import org.acegisecurity.acls.Acl;
022: import org.acegisecurity.acls.AclService;
023: import org.acegisecurity.acls.NotFoundException;
024: import org.acegisecurity.acls.Permission;
025: import org.acegisecurity.acls.domain.BasePermission;
026: import org.acegisecurity.acls.objectidentity.ObjectIdentity;
027: import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategy;
028: import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategyImpl;
029: import org.acegisecurity.acls.sid.Sid;
030: import org.acegisecurity.acls.sid.SidRetrievalStrategy;
031: import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
032:
033: import org.springframework.util.Assert;
034:
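/**
 * Base class for {@link AfterInvocationProvider} implementations that use the ACL module to decide
 * whether the current principal holds the required permission(s) on a domain object.
 *
 * <p>The class holds the {@link AclService}, the configuration attribute the provider reacts to, the
 * permissions to require, and the strategies that derive an {@link ObjectIdentity} from a domain object
 * and the {@link Sid}s from an {@link Authentication}. The decision itself is made in
 * {@link #hasPermission(Authentication, Object)}, which denies whenever no ACL information is found.</p>
 *
 * <p>The setters are unsynchronized. NOTE(review): presumably they are only called during
 * configuration, before the provider is used for decisions; confirm against callers.</p>
 *
 * @author $author$
 * @version $Revision$
 */
public abstract class AbstractAclProvider implements AfterInvocationProvider {
    //~ Instance fields ================================================================================================

    private final AclService aclService;
    private Class processDomainObjectClass = Object.class;
    private ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy = new ObjectIdentityRetrievalStrategyImpl();
    private SidRetrievalStrategy sidRetrievalStrategy = new SidRetrievalStrategyImpl();
    private String processConfigAttribute;

    // Always overwritten by the constructor; the initializer only documents the conventional default.
    private Permission[] requirePermission = { BasePermission.READ };

    //~ Constructors ===================================================================================================

    /**
     * Creates the provider.
     *
     * @param aclService the service used to load ACLs (required)
     * @param processConfigAttribute the configuration attribute this provider responds to (must contain text)
     * @param requirePermission the permissions passed to the ACL when checking access (at least one entry,
     *        no <code>null</code> entries)
     *
     * @throws IllegalArgumentException if any argument is missing, empty or contains a <code>null</code> entry
     */
    public AbstractAclProvider(AclService aclService, String processConfigAttribute, Permission[] requirePermission) {
        Assert.hasText(processConfigAttribute, "A processConfigAttribute is mandatory");
        Assert.notNull(aclService, "An AclService is mandatory");

        if ((requirePermission == null) || (requirePermission.length == 0)) {
            throw new IllegalArgumentException("One or more requirePermission entries is mandatory");
        }

        // Defensive copy: the array defines the authorization requirement, so a caller that keeps a
        // reference to it must not be able to change the required permissions after construction.
        Permission[] copy = (Permission[]) requirePermission.clone();

        for (int i = 0; i < copy.length; i++) {
            if (copy[i] == null) {
                throw new IllegalArgumentException("requirePermission must not contain null entries");
            }
        }

        this.aclService = aclService;
        this.processConfigAttribute = processConfigAttribute;
        this.requirePermission = copy;
    }

    //~ Methods ========================================================================================================

    /**
     * Returns the domain object class this provider is configured to process
     * (<code>Object.class</code> unless changed through the setter).
     *
     * @return the configured class, never <code>null</code>
     */
    protected Class getProcessDomainObjectClass() {
        return processDomainObjectClass;
    }

    /**
     * Decides whether the principal holds the required permission(s) on the given domain object.
     *
     * <p>The check fails closed: if the ACL service reports that no ACL exists (or returns none), or the
     * ACL lookup or evaluation raises {@link NotFoundException}, the result is <code>false</code>.</p>
     *
     * @param authentication the principal whose SIDs are evaluated
     * @param domainObject the object whose ACL is consulted
     *
     * @return <code>true</code> only if the ACL grants the required permission(s) to the principal's SIDs
     */
    protected boolean hasPermission(Authentication authentication, Object domainObject) {
        // Obtain the OID applicable to the domain object
        ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

        // Obtain the SIDs applicable to the principal
        Sid[] sids = sidRetrievalStrategy.getSids(authentication);

        try {
            // Lookup only ACLs for SIDs we're interested in
            Acl acl = aclService.readAclById(objectIdentity, sids);

            if (acl == null) {
                // Treat "no ACL returned" as "no access" rather than failing with a NullPointerException.
                return false;
            }

            // Third argument is false; NOTE(review): this appears to be the ACL's administrative-mode
            // flag. Confirm against the Acl contract.
            return acl.isGranted(requirePermission, sids, false);
        } catch (NotFoundException notFound) {
            // Deliberate: missing ACL information means access is denied.
            return false;
        }
    }

    /**
     * Replaces the strategy used to derive an {@link ObjectIdentity} from a domain object.
     *
     * @param objectIdentityRetrievalStrategy the strategy to use (required)
     */
    public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) {
        Assert.notNull(objectIdentityRetrievalStrategy, "ObjectIdentityRetrievalStrategy required");
        this.objectIdentityRetrievalStrategy = objectIdentityRetrievalStrategy;
    }

    /**
     * Changes the configuration attribute this provider responds to.
     *
     * @param processConfigAttribute the attribute value (must contain text)
     */
    protected void setProcessConfigAttribute(String processConfigAttribute) {
        Assert.hasText(processConfigAttribute, "A processConfigAttribute is mandatory");
        this.processConfigAttribute = processConfigAttribute;
    }

    /**
     * Changes the domain object class this provider is configured to process.
     *
     * @param processDomainObjectClass the class (required)
     */
    public void setProcessDomainObjectClass(Class processDomainObjectClass) {
        Assert.notNull(processDomainObjectClass, "processDomainObjectClass cannot be set to null");
        this.processDomainObjectClass = processDomainObjectClass;
    }

    /**
     * Replaces the strategy used to derive the {@link Sid}s of a principal.
     *
     * @param sidRetrievalStrategy the strategy to use (required)
     */
    public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) {
        Assert.notNull(sidRetrievalStrategy, "SidRetrievalStrategy required");
        this.sidRetrievalStrategy = sidRetrievalStrategy;
    }

    /**
     * Indicates whether this provider handles the given configuration attribute.
     *
     * @param attribute the attribute to test; <code>null</code> is treated as unsupported
     *
     * @return <code>true</code> if the attribute's value equals the configured
     *         <code>processConfigAttribute</code>
     */
    public boolean supports(ConfigAttribute attribute) {
        if (attribute == null) {
            return false;
        }

        String value = attribute.getAttribute();

        return (value != null) && value.equals(this.processConfigAttribute);
    }

    /**
     * This implementation supports any type of class, because it does not query the presented secure object.
     *
     * @param clazz the secure object
     *
     * @return always <code>true</code>
     */
    public boolean supports(Class clazz) {
        return true;
    }
}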