AppFuseAcegiACLAddManager |
|
Your trail: |
This is version 1.
It is not the current version, and thus it cannot be edited.
[Back to current version]
[Restore this version]
Adding new ACL relevant managers
In this step we add all managers required for ACL Security
Add new interfaces
- Create a new package called "org.appfuse.service.acl" in the src folder src/service
- Add a new manager in the new package:
BasicAclProviderManager
package org.appfuse.service.acl;
import java.util.List;
import org.acegisecurity.Authentication;
import org.acegisecurity.acl.AclProvider;
public interface BasicAclProviderManager extends AclProvider
{
/**
* Loads a list of permissions a User represented by <code>auth</code> has on an object <code>domainInstance</code>
* @param domainInstance The Object to load permissions for
* @param authentication Representing an user with his authorities
* @return List of permissions
*/
public List getBasicPermissions(Object domainInstance, Authentication authentication);
/**
* Returns all permissions defined on on object represented by <code>domainInstance</code>
* @param domainInstance Representing the object
* @return List of permissions
*/
public List getBasicPermissions(Object domainInstance);
/**
* Deletes all permissions owned by an user with the username <code>username</code>
* @param username Username of the user
*/
public void deleteBasicAclPermissions(String username);
}
|
Add new implementation
- Create a package called org.appfuse.service.acl.impl and add the file BasicAclProviderManagerImpl.java with following implementation:
/**
*
*/
package org.appfuse.service.acl.impl;
import java.io.Serializable;
import java.util.Iterator;
import java.util.List;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.acl.AclEntry;
import org.acegisecurity.acl.basic.AclObjectIdentityAware;
import org.acegisecurity.acl.basic.BasicAclProvider;
import org.acegisecurity.acl.basic.SimpleAclEntry;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.User;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.appfuse.dao.BasicAclObjectIdentityDAO;
import org.appfuse.dao.BasicAclPermissionDAO;
import org.appfuse.dao.UserDAO;
import org.appfuse.model.BaseObjectACLAware;
import org.appfuse.model.BasicAclObjectIdentity;
import org.appfuse.model.BasicAclPermission;
import org.appfuse.service.acl.BasicAclProviderManager;
import org.hibernate.Hibernate;
import org.springframework.util.Assert;
public class BasicAclProviderManagerImpl extends BasicAclProvider implements BasicAclProviderManager
{
protected final Log log = LogFactory.getLog(getClass());
protected BasicAclPermissionDAO basicAclPermissionDAO;
protected BasicAclObjectIdentityDAO basicAclObjectIdentityDAO;
protected UserDAO userDAO;
public void setBasicAclObjectIdentityDAO(BasicAclObjectIdentityDAO basicAclObjectIdentityDAO)
{
this.basicAclObjectIdentityDAO = basicAclObjectIdentityDAO;
}
public void setBasicAclPermissionDAO(BasicAclPermissionDAO basicAclPermissionDAO)
{
this.basicAclPermissionDAO = basicAclPermissionDAO;
setBasicAclDao(basicAclPermissionDAO);
}
public void setUserDAO(UserDAO userDAO)
{
this.userDAO = userDAO;
}
/**
* @see org.acegisecurity.acl.AclProvider#getAcls(java.lang.Object, org.acegisecurity.Authentication)
*/
public AclEntry[] getAcls(Object domainInstance, Authentication authentication)
{
long start = System.currentTimeMillis();
AclEntry[] result = super.getAcls(domainInstance, authentication);
log.info("getAcls(Object domainInstance, Authentication authentication) took: " + (System.currentTimeMillis() - start));
return result;
}
/**
* @see org.acegisecurity.acl.AclProvider#getAcls(java.lang.Object)
*/
public AclEntry[] getAcls(Object domainInstance)
{
AclEntry[] result = super.getAcls(domainInstance);
return result;
}
/**
* @see org.appfuse.service.acl.BasicAclProviderManager#getBasicPermissions(java.lang.Object)
*/
public List getBasicPermissions(Object domainInstance)
{
if (domainInstance instanceof AclObjectIdentityAware)
{
AclObjectIdentityAware aclOidAware = (AclObjectIdentityAware) domainInstance;
return basicAclPermissionDAO.getBasicAclPermissions(((BasicAclObjectIdentity) aclOidAware.getAclObjectIdentity()).getObjectIdentity());
}
return null;
}
/**
* @see org.appfuse.service.acl.BasicAclProviderManager#getBasicPermissions(java.lang.Object, org.acegisecurity.Authentication)
*/
public List getBasicPermissions(Object domainInstance,Authentication authentication)
{
BaseObjectACLAware baseObject = (BaseObjectACLAware) domainInstance;
Class domainClazz = null;
domainClazz = Hibernate.getClass(domainInstance);
List permissions = basicAclPermissionDAO.getBasicAclPermissions(domainClazz.getName() + ":" + baseObject.getUniqueKey().toString(), authentication);
return permissions;
}
/**
* Returns a list of permissions for an Object and user
* @param objectIdentity Identity of the Object
* @param username Username of the user
* @return List of permissions
*/
public List getBasicPermissionsByOid(String objectIdentity, String username)
{
return basicAclPermissionDAO.getBasicAclPermissions(objectIdentity,username);
}
/**
* @see org.acegisecurity.acl.AclProvider#supports(java.lang.Object)
*/
public boolean supports(Object domainInstance)
{
return domainInstance instanceof BaseObjectACLAware;
}
/**
* Creates a new Obejct Identity
* @param baseObject Object to create ObjectIdentity for
* @return the new Object identity
*/
protected BasicAclObjectIdentity createBasicObjectIndentity(BaseObjectACLAware baseObject)
{
return createBasicObjectIndenty(baseObject, null);
}
/**
* Creates a new Object identity
* @param baseObject Object to create object identity for
* @param parent Parent object of the new objectidentity
* @return the new Object identity
*/
protected BasicAclObjectIdentity createBasicObjectIndenty(BaseObjectACLAware baseObject, BasicAclObjectIdentity parent)
{
BasicAclObjectIdentity basicAclObjectIdentity = new BasicAclObjectIdentity();
basicAclObjectIdentity.setObjectIdentity(createOIDKey(baseObject.getClass(), baseObject.getUniqueKey()));
basicAclObjectIdentity.setAclClass(SimpleAclEntry.class.getName());
basicAclObjectIdentity.setParentObject(parent);
basicAclObjectIdentityDAO.saveBasicAclObjectIdentity(basicAclObjectIdentity);
return basicAclObjectIdentity;
}
/**
* Creates a new permission
* @param bo Object to create a new permission for
* @param mask Integer representing the rights of the permission
* @param auth Authority to add the new permission
* @return Object identity with the new permission
*/
protected BasicAclObjectIdentity createBasicObjectIdentityAndPermission(BaseObjectACLAware bo, int mask, GrantedAuthority auth)
{
BasicAclObjectIdentity ident = createBasicObjectIndentity(bo);
createPermission(ident, mask, auth);
return ident;
}
/**
* Creates a new permission
* @param bo Object to create a new permission for
* @param mask Integer representing the rights of the permission
* @param user User to create the permission for
* @return Object identity with the new permission
*/
protected BasicAclObjectIdentity createBasicObjectIdentityAndPermission(BaseObjectACLAware bo, int mask, User user)
{
BasicAclObjectIdentity ident = createBasicObjectIndentity(bo);
createPermission(ident, mask, user);
return ident;
}
/**
* Creates a new permission
* @param bo Object to create a new permission for
* @param mask Integer representing the rights of the permission
* @return the Object identity with the new permission
*/
protected BasicAclObjectIdentity createBOIDAndPermForCurrentUser(BaseObjectACLAware bo, int mask)
{
BasicAclObjectIdentity ident = createBasicObjectIndentity(bo);
User user = currentUser();
createPermission(ident, mask, user);
return ident;
}
/**
* Creates a new permission for the active user
* @param basicAclObjectIdentity Object identity to add a new permission for
* @param mask Integer representing the rights of the permission
*/
protected void createPermissionForCurrentUser(BasicAclObjectIdentity basicAclObjectIdentity, int mask)
{
User user = currentUser();
createPermission(basicAclObjectIdentity, mask, user);
}
/**
* Create a new permission
* @param basicAclObjectIdentity Object identity to create a new permission for
* @param mask Integer representing the value of the permission (@see SimpleACLEntry)
* @param user User to add the permission for
*/
protected void createPermission(BasicAclObjectIdentity basicAclObjectIdentity, int mask, User user)
{
createPermission(basicAclObjectIdentity, mask, user.getUsername());
}
/**
* Create a new permission
* @param basicAclObjectIdentity Object identity to create a new permission for
* @param mask Integer representing the value of the permission (@see SimpleACLEntry)
* @param username Username of the user to add the permission for
*/
protected void createPermission(BasicAclObjectIdentity basicAclObjectIdentity, int mask,String username)
{
BasicAclPermission basicACLPermission = new BasicAclPermission();
basicACLPermission.setAclObjectIdentity(basicAclObjectIdentity);
basicACLPermission.setMask(mask);
basicACLPermission.setRecipient(username);
basicAclPermissionDAO.saveBasicAclPermission(basicACLPermission);
}
/**
* Creates a new permission
* @param basicAclObjectIdentity Object identity to create a new permission for
* @param mask Integer representing the value of the permission (@see SimpleACLEntry)
* @param authority Authority to add the permission for
*/
protected void createPermission(BasicAclObjectIdentity basicAclObjectIdentity, int mask,GrantedAuthority authority)
{
BasicAclPermission basicACLPermission = new BasicAclPermission();
basicACLPermission.setAclObjectIdentity(basicAclObjectIdentity);
basicACLPermission.setMask(mask);
basicACLPermission.setRecipient(authority.getAuthority());
basicAclPermissionDAO.saveBasicAclPermission(basicACLPermission);
}
/**
* Deletes the object identity of an obejct of class <code>clazz</code> with the id <code>id</code>
* @param clazz Class of the objet identity to delete
* @param id ID of the objet identity to delete
*/
protected void deleteBasicAclObjectIdentity(Class clazz, Long id)
{
BasicAclObjectIdentity ident = basicAclObjectIdentityDAO.getBasicAclObjectIdentity(createOIDKey(clazz, id));
basicAclObjectIdentityDAO.deleteBasicAclObjectIdentity(ident.getId());
}
/**
* Creates the object identifier
* @param clazz Class of the object
* @param id pimary key of the object
* @return String reresenting the object
*/
protected String createOIDKey(Class clazz, Serializable id)
{
return clazz.getName() + ":" + id;
}
/**
* @see org.appfuse.service.acl.BasicAclProviderManager#deleteBasicAclPermissions(java.lang.String)
*/
public void deleteBasicAclPermissions(String username)
{
List perms = basicAclPermissionDAO.getBasicAclPermissionsByUsername(username);
for (Iterator iter = perms.iterator(); iter.hasNext();)
{
BasicAclPermission perm = (BasicAclPermission) iter.next();
BasicAclObjectIdentity oid = (BasicAclObjectIdentity) perm.getAclObjectIdentity();
oid.getPermissions().remove(perm);
basicAclObjectIdentityDAO.saveBasicAclObjectIdentity(oid);
basicAclPermissionDAO.deleteBasicAclPermission(perm.getId());
}
}
/**
* @return The active user
*/
protected User currentUser()
{
SecurityContext ctx = SecurityContextHolder.getContext();
Assert.notNull(ctx);
return (User) ctx.getAuthentication().getPrincipal();
}
/**
* Loads the object identity for an obejct <code>bo</code>
* @param bo Object to load identity for
* @return
*/
protected BasicAclObjectIdentity getBasicAclObjectIdentity(BaseObjectACLAware bo)
{
return basicAclObjectIdentityDAO.getBasicAclObjectIdentity(createOIDKey(bo.getClass(), bo.getUniqueKey()));
}
}
|
Add the new manager to the SpringContext
Open the file applicationContext-service.xml and add the following content:
<bean id="basicAclProviderManager" parent="txProxyTemplate">
<property name="target">
<bean class="com.bmw.jcvs.service.acl.impl.BasicAclProviderManagerImpl" autowire="byName" />
</property>
</bean>
Next Step
Step V. Add new ACEGI Managers to secure all person objects
|