/**
 * Collects the entitlements an identity holds on a resource through its roles.
 *
 * <p>
 * An identity without a role is handed to the superclass implementation unchanged. Otherwise the roles
 * gathered by {@code getAllRoles} are visited one by one, and each role name is passed to the superclass
 * permission lookup in the position where the superclass expects an identity name.
 * </p>
 *
 * @param clazz the element type requested by the caller; only {@code EntitlementEntry} is supported.
 * @param resource the {@code Resource} whose entitlements are being computed.
 * @param identity the {@code Identity} whose roles are evaluated.
 * @return the set of entitlements found for the roles; {@code null} when the identity has a role and
 *         {@code clazz} is not {@code EntitlementEntry}. Callers must handle the {@code null} case.
 * @throws AuthorizationException declared by the method signature.
 */
@Override
@SuppressWarnings("unchecked")
public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
      throws AuthorizationException
{
   // No role information: fall back to the identity-name based lookup of the superclass.
   if (identity.getRole() == null)
   {
      return super.getEntitlements(clazz, resource, identity);
   }

   // Only sets of EntitlementEntry objects are produced at the moment.
   if (!EntitlementEntry.class.equals(clazz))
   {
      return null;
   }

   Set<EntitlementEntry> collected = new HashSet<EntitlementEntry>();

   // getAllRoles receives an empty list and is presumably expected to populate it - TODO confirm.
   List<Role> effectiveRoles = new ArrayList<Role>();
   this.getAllRoles(identity.getRole(), effectiveRoles);

   // NOTE(review): role names are looked up where the superclass takes an identity name. Whether role
   // names and identity names can collide inside an ACL is not visible here - confirm.
   for (Role current : effectiveRoles)
   {
      // Permissions that apply directly to the requested resource for this role.
      ACLPermission initial = super.getInitialPermissions(resource, current.getRoleName());
      if (initial != null)
      {
         super.fillEntitlements(collected, resource, current.getRoleName(), initial);
      }
   }
   return (Set<T>) collected;
}
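/**
 * Configures this provider from the supplied options.
 *
 * <p>
 * Reads the persistence strategy class name from {@code PERSISTENCE_STRATEGY_OPTION}, falling back to
 * {@code org.jboss.security.acl.JPAPersistenceStrategy} when the option is absent, and reads the
 * {@code CHECK_PARENT_ACL_OPTION} flag. The strategy class is then loaded and instantiated.
 * </p>
 *
 * @param sharedState state shared with other modules; not read by this method.
 * @param options the configuration options. Both option values are cast to {@code String}.
 * @throws RuntimeException the exception built by
 *         {@code PicketBoxMessages.MESSAGES.unableToCreateACLPersistenceStrategy} when the strategy class
 *         cannot be loaded, is not an {@code ACLPersistenceStrategy}, or cannot be instantiated.
 */
public void initialize(Map<String, Object> sharedState, Map<String, Object> options)
{
   String strategyClassName = (String) options.get(PERSISTENCE_STRATEGY_OPTION);
   if (strategyClassName == null)
   {
      strategyClassName = "org.jboss.security.acl.JPAPersistenceStrategy";
   }

   // Boolean.valueOf(null) yields false, so parent ACL lookup stays off unless explicitly enabled.
   this.checkParentACL = Boolean.valueOf((String) options.get(CHECK_PARENT_ACL_OPTION));

   try
   {
      Class<?> strategyClass = this.loadClass(strategyClassName);
      // The class name comes from configuration. Verify the type BEFORE instantiating, so that the
      // constructor of a class that is not a persistence strategy is never executed. A mismatch raises
      // ClassCastException, which is wrapped below exactly like any other failure.
      Class<? extends ACLPersistenceStrategy> checkedClass = strategyClass
            .asSubclass(ACLPersistenceStrategy.class);
      this.strategy = checkedClass.newInstance();
   }
   catch (Exception e)
   {
      throw PicketBoxMessages.MESSAGES.unableToCreateACLPersistenceStrategy(e);
   }
}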
/**
 * Removes the given ACL by delegating to the resource-based {@code removeACL} overload.
 *
 * @param acl the {@code ACL} to remove; its resource identifies what is removed.
 * @return the result reported by the resource-based overload.
 */
public boolean removeACL(ACL acl)
{
   final Resource protectedResource = acl.getResource();
   return this.removeACL(protectedResource);
}
/**
 * Computes the entitlements the identity holds on the resource, keyed by the identity name.
 *
 * @param clazz the element type requested by the caller; only {@code EntitlementEntry} is supported.
 * @param resource the {@code Resource} whose entitlements are being computed.
 * @param identity the {@code Identity} whose name is used for the permission lookup.
 * @return the set of entitlements, empty when no initial permission is found for the identity;
 *         {@code null} when {@code clazz} is not {@code EntitlementEntry}. Callers must handle the
 *         {@code null} case.
 * @throws AuthorizationException declared by the method signature.
 */
@SuppressWarnings("unchecked")
public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
      throws AuthorizationException
{
   // Only sets of EntitlementEntry objects are produced at the moment.
   if (!EntitlementEntry.class.equals(clazz))
   {
      return null;
   }

   Set<EntitlementEntry> collected = new HashSet<EntitlementEntry>();

   // Permissions that apply directly to the requested resource.
   ACLPermission initial = this.getInitialPermissions(resource, identity.getName());
   if (initial == null)
   {
      return (Set<T>) collected;
   }

   this.fillEntitlements(collected, resource, identity.getName(), initial);
   return (Set<T>) collected;
}
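/**
 * <p>
 * Retrieves the ACL that is to be used to perform authorization decisions on the specified resource. If an ACL
 * for the specified resource can be located by the strategy, this will be the returned ACL. On the other hand,
 * if no ACL can be located for the resource then the method verifies if the {@code checkParentACL} property has
 * been set:
 * </p>
 * <ol>
 * <li>if {@code checkParentACL} is true, then check if the resource has a parent resource and try to locate an
 * ACL for the parent resource recursively. The idea here is that child resources "inherit" the permissions from
 * the parent resources (instead of providing an ACL that would be a copy of the parent ACL).</li>
 * <li>if {@code checkParentACL} is false, then {@code null} is returned.</li>
 * </ol>
 * <p>
 * A {@code null} resource, or a resource whose attribute map is {@code null}, has no parent to inspect, so
 * the result of the direct lookup is returned instead of failing with a {@code NullPointerException}.
 * </p>
 *
 * @param resource the {@code Resource} that is the target of the authorization decision.
 * @return the {@code ACL} that is to be used to perform authorization decisions on the resource; {@code null} if
 *         no ACL can be found for the specified resource.
 */
private ACL retrieveACL(Resource resource)
{
   ACL acl = this.strategy.getACL(resource);
   if (acl == null && this.checkParentACL && resource != null)
   {
      Map<String, Object> attributes = resource.getMap();
      Resource parent = attributes != null ? (Resource) attributes.get(ResourceKeys.PARENT_RESOURCE) : null;
      // NOTE(review): nothing bounds this walk. A cyclic parent chain would recurse until the stack is
      // exhausted - confirm that resources are always arranged as a tree.
      if (parent != null)
      {
         acl = retrieveACL(parent);
      }
   }
   return acl;
}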
return super.isAccessGranted(resource, identity, permission);
return getInitialPermissions(parent, identityName);
fillEntitlements(entitlements, childResource, identityName, currentPermission);
/**
 * Computes the entitlements the identity holds on the resource, keyed by the identity name.
 *
 * @param clazz the element type requested by the caller; only {@code EntitlementEntry} is supported.
 * @param resource the {@code Resource} whose entitlements are being computed.
 * @param identity the {@code Identity} whose name is used for the permission lookup.
 * @return the set of entitlements, empty when no initial permission is found for the identity;
 *         {@code null} when {@code clazz} is not {@code EntitlementEntry}. Callers must handle the
 *         {@code null} case.
 * @throws AuthorizationException declared by the method signature.
 */
@SuppressWarnings("unchecked")
public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
      throws AuthorizationException
{
   // Only sets of EntitlementEntry objects are produced at the moment.
   if (!EntitlementEntry.class.equals(clazz))
   {
      return null;
   }

   Set<EntitlementEntry> collected = new HashSet<EntitlementEntry>();

   // Permissions that apply directly to the requested resource.
   ACLPermission initial = this.getInitialPermissions(resource, identity.getName());
   if (initial == null)
   {
      return (Set<T>) collected;
   }

   this.fillEntitlements(collected, resource, identity.getName(), initial);
   return (Set<T>) collected;
}
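/**
 * <p>
 * Retrieves the ACL that is to be used to perform authorization decisions on the specified resource. If an ACL
 * for the specified resource can be located by the strategy, this will be the returned ACL. On the other hand,
 * if no ACL can be located for the resource then the method verifies if the {@code checkParentACL} property has
 * been set:
 * </p>
 * <ol>
 * <li>if {@code checkParentACL} is true, then check if the resource has a parent resource and try to locate an
 * ACL for the parent resource recursively. The idea here is that child resources "inherit" the permissions from
 * the parent resources (instead of providing an ACL that would be a copy of the parent ACL).</li>
 * <li>if {@code checkParentACL} is false, then {@code null} is returned.</li>
 * </ol>
 * <p>
 * A {@code null} resource, or a resource whose attribute map is {@code null}, has no parent to inspect, so
 * the result of the direct lookup is returned instead of failing with a {@code NullPointerException}.
 * </p>
 *
 * @param resource the {@code Resource} that is the target of the authorization decision.
 * @return the {@code ACL} that is to be used to perform authorization decisions on the resource; {@code null} if
 *         no ACL can be found for the specified resource.
 */
private ACL retrieveACL(Resource resource)
{
   ACL acl = this.strategy.getACL(resource);
   if (acl == null && this.checkParentACL && resource != null)
   {
      Map<String, Object> attributes = resource.getMap();
      Resource parent = attributes != null ? (Resource) attributes.get(ResourceKeys.PARENT_RESOURCE) : null;
      // NOTE(review): nothing bounds this walk. A cyclic parent chain would recurse until the stack is
      // exhausted - confirm that resources are always arranged as a tree.
      if (parent != null)
      {
         acl = retrieveACL(parent);
      }
   }
   return acl;
}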
return super.isAccessGranted(resource, identity, permission);
return getInitialPermissions(parent, identityName);
fillEntitlements(entitlements, childResource, identityName, currentPermission);
/**
 * Collects the entitlements an identity holds on a resource through its roles.
 *
 * <p>
 * An identity without a role is handed to the superclass implementation unchanged. Otherwise the roles
 * gathered by {@code getAllRoles} are visited one by one, and each role name is passed to the superclass
 * permission lookup in the position where the superclass expects an identity name.
 * </p>
 *
 * @param clazz the element type requested by the caller; only {@code EntitlementEntry} is supported.
 * @param resource the {@code Resource} whose entitlements are being computed.
 * @param identity the {@code Identity} whose roles are evaluated.
 * @return the set of entitlements found for the roles; {@code null} when the identity has a role and
 *         {@code clazz} is not {@code EntitlementEntry}. Callers must handle the {@code null} case.
 * @throws AuthorizationException declared by the method signature.
 */
@Override
@SuppressWarnings("unchecked")
public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
      throws AuthorizationException
{
   // No role information: fall back to the identity-name based lookup of the superclass.
   if (identity.getRole() == null)
   {
      return super.getEntitlements(clazz, resource, identity);
   }

   // Only sets of EntitlementEntry objects are produced at the moment.
   if (!EntitlementEntry.class.equals(clazz))
   {
      return null;
   }

   Set<EntitlementEntry> collected = new HashSet<EntitlementEntry>();

   // getAllRoles receives an empty list and is presumably expected to populate it - TODO confirm.
   List<Role> effectiveRoles = new ArrayList<Role>();
   this.getAllRoles(identity.getRole(), effectiveRoles);

   // NOTE(review): role names are looked up where the superclass takes an identity name. Whether role
   // names and identity names can collide inside an ACL is not visible here - confirm.
   for (Role current : effectiveRoles)
   {
      // Permissions that apply directly to the requested resource for this role.
      ACLPermission initial = super.getInitialPermissions(resource, current.getRoleName());
      if (initial != null)
      {
         super.fillEntitlements(collected, resource, current.getRoleName(), initial);
      }
   }
   return (Set<T>) collected;
}
/**
 * Decides whether the identity holds the requested permission on the resource.
 *
 * <p>
 * The ACL is obtained through {@code retrieveACL}. When the ACL has no entry for the identity the request
 * is denied, and when no ACL can be located at all the method throws instead of granting access.
 * </p>
 *
 * @param resource the {@code Resource} being accessed.
 * @param identity the {@code Identity} requesting access.
 * @param permission the {@code ACLPermission} that is required.
 * @return the result of {@code ACLEntry.checkPermission} for the identity's entry; {@code false} when the
 *         ACL contains no entry for the identity.
 * @throws AuthorizationException if no ACL can be located for the resource.
 */
public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission)
      throws AuthorizationException
{
   ACL resolved = this.retrieveACL(resource);
   if (resolved == null)
   {
      // Without an ACL no decision can be made: report the failure rather than grant anything.
      throw new AuthorizationException(PicketBoxMessages.MESSAGES.unableToLocateACLForResourceMessage(
            resource != null ? resource.toString() : null));
   }

   ACLEntry match = resolved.getEntry(identity);
   if (match == null)
   {
      // no entry for identity = deny access
      return false;
   }

   // check the permission associated with the identity.
   return match.checkPermission(permission);
}
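/**
 * Configures this provider from the supplied options.
 *
 * <p>
 * Reads the persistence strategy class name from {@code PERSISTENCE_STRATEGY_OPTION}, falling back to
 * {@code org.jboss.security.acl.JPAPersistenceStrategy} when the option is absent, and reads the
 * {@code CHECK_PARENT_ACL_OPTION} flag. The strategy class is then loaded and instantiated.
 * </p>
 *
 * @param sharedState state shared with other modules; not read by this method.
 * @param options the configuration options. Both option values are cast to {@code String}.
 * @throws RuntimeException the exception built by
 *         {@code PicketBoxMessages.MESSAGES.unableToCreateACLPersistenceStrategy} when the strategy class
 *         cannot be loaded, is not an {@code ACLPersistenceStrategy}, or cannot be instantiated.
 */
public void initialize(Map<String, Object> sharedState, Map<String, Object> options)
{
   String strategyClassName = (String) options.get(PERSISTENCE_STRATEGY_OPTION);
   if (strategyClassName == null)
   {
      strategyClassName = "org.jboss.security.acl.JPAPersistenceStrategy";
   }

   // Boolean.valueOf(null) yields false, so parent ACL lookup stays off unless explicitly enabled.
   this.checkParentACL = Boolean.valueOf((String) options.get(CHECK_PARENT_ACL_OPTION));

   try
   {
      Class<?> strategyClass = this.loadClass(strategyClassName);
      // The class name comes from configuration. Verify the type BEFORE instantiating, so that the
      // constructor of a class that is not a persistence strategy is never executed. A mismatch raises
      // ClassCastException, which is wrapped below exactly like any other failure.
      Class<? extends ACLPersistenceStrategy> checkedClass = strategyClass
            .asSubclass(ACLPersistenceStrategy.class);
      this.strategy = checkedClass.newInstance();
   }
   catch (Exception e)
   {
      throw PicketBoxMessages.MESSAGES.unableToCreateACLPersistenceStrategy(e);
   }
}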
/**
 * Decides whether the identity holds the requested permission on the resource.
 *
 * <p>
 * The ACL is obtained through {@code retrieveACL}. When the ACL has no entry for the identity the request
 * is denied, and when no ACL can be located at all the method throws instead of granting access.
 * </p>
 *
 * @param resource the {@code Resource} being accessed.
 * @param identity the {@code Identity} requesting access.
 * @param permission the {@code ACLPermission} that is required.
 * @return the result of {@code ACLEntry.checkPermission} for the identity's entry; {@code false} when the
 *         ACL contains no entry for the identity.
 * @throws AuthorizationException if no ACL can be located for the resource.
 */
public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission)
      throws AuthorizationException
{
   ACL resolved = this.retrieveACL(resource);
   if (resolved == null)
   {
      // Without an ACL no decision can be made: report the failure rather than grant anything.
      throw new AuthorizationException(PicketBoxMessages.MESSAGES.unableToLocateACLForResourceMessage(
            resource != null ? resource.toString() : null));
   }

   ACLEntry match = resolved.getEntry(identity);
   if (match == null)
   {
      // no entry for identity = deny access
      return false;
   }

   // check the permission associated with the identity.
   return match.checkPermission(permission);
}