Raible's Wiki

Raible Designs
Wiki Home
News
Recent Changes

AppFuse

Homepage
  - Korean
  - Chinese
  - Italian
  - Japanese

QuickStart Guide
  - Chinese
  - French
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish
  - Japanese

User Guide
  - Korean
  - Chinese

Tutorials
  - Chinese
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish

FAQ
  - Korean

Latest Downloads

Other Applications

Struts Resume
Security Example
Struts Menu

Set your name in
UserPreferences

Edit this page

Referenced by
AppFuseAcegiACL
AppFuseAcegiACLChang...




JSPWiki v2.2.33

[RSS]


Hide Menu

AppFuseAcegiACLSavingNewACLAwareObjects
Search Wiki:
Your trail:

Step VII: How to create new ACLs

In this part we will add ACLs to new objects.

Adding the aclManager to the person manager

  • Open the PersonManagerImpl and add a new attribute:


  private BasicAclProviderManager basicAclProviderManager;
  
  /**
   @param basicAclProviderManager The basicAclProviderManager to set.
   */
  public void setBasicAclProviderManager(BasicAclProviderManager basicAclProviderManager
  {
    this.basicAclProviderManager = basicAclProviderManager;
  }

  • Optional: If you don't use autowire="byName" on the bean "personManager", add the following part to the correpsonfing beanDefinition: 
<property name="basicAclProviderManager" ref="basicAclProviderManager"/>

Creating new ACls when saving a new person

  • Goto the method savePerson() and replace it with the following code:


   /**
   @see org.appfuse.service.PersonManager#savePerson(org.appfuse.model.Person)
   */
  public void savePerson(Person person
  {
    boolean isNew = person.getId()== null;
    personDao.savePerson(person);
    //If the person object is NEW, create new ACLs for the object 
    if(isNew)
    {
      //Create a new objectIdentity
      BasicAclObjectIdentity identity = basicAclProviderManager.createBasicObjectIndentity(person);
      //grant permission ADMINISTRATION for role "admin"
      basicAclProviderManager.createPermissionForRole(identity,SimpleAclEntry.ADMINISTRATION,Constants.ADMIN_ROLE);
      //Grant READ_WRITE permissions for the current user (the user creating this person)
      basicAclProviderManager.createPermissionForCurrentUser(identity,SimpleAclEntry.READ_WRITE);
    }
  }

Removing ACLs when deleting a person

Finally, we need to delete the object identity and all permissions, if a person object is deleted:
  • Change the method removePerson(String id):


/**
   @see org.appfuse.service.PersonManager#removePerson(java.lang.String)
   */
  public void removePerson(String id
  {
    personDao.removePerson(Long.valueOf(id));
    basicAclProviderManager.deleteBasicAclObjectIdentity(Person.class,id);
  }

Testing the App

  • Redeploy your application
  • Login as "mraible" and add a new person
  • If you now go to the list screen, you should see the new person
  • Logout and login as "tomcat".
  • If you now go to the person list, you should see no persons
  • Add a new person
  • the list view should now contain 1 person
  • Logout and login as "mraible"
  • The person list should now contain 3 persons (1 already in the DB by the sample-data.xml, 1 added by "mraible" and 1 added by the user "tomcat")
  • you can try to hack the app by playing with the URL, but if you (for example) try to save the person with the ID 1, you should get a "Access denied" exception ;)

Next step

Step VIII. How to use the ACLs in your JSPs


Go to top   Edit this page   More info...   Attach file...
This page last changed on 06-Nov-2006 13:53:00 MST by PeterSchneider-Manzell.