AppFuseAcegiACLSavingNewACLAwareObjects |
|
Your trail: |
This is version 1.
It is not the current version, and thus it cannot be edited.
[Back to current version]
[Restore this version]
How to create new ACLs
In this part we will add ACLs to new objects.
Adding the aclManager to the person manager
- Open the PersonManagerImpl and add a new attribute:
private BasicAclProviderManager basicAclProviderManager;
/**
* @param basicAclProviderManager The basicAclProviderManager to set.
*/
public void setBasicAclProviderManager(BasicAclProviderManager basicAclProviderManager)
{
this.basicAclProviderManager = basicAclProviderManager;
}
|
- Optional: If you don't use autowire="byName" on the bean "personManager", add the following part to the correpsonfing beanDefinition:
<property name="basicAclProviderManager" ref="basicAclProviderManager"/>
Creating new ACls when saving a new person
- Goto the method savePerson() and replace it with the following code:
/**
* @see org.appfuse.service.PersonManager#savePerson(org.appfuse.model.Person)
*/
public void savePerson(Person person)
{
boolean isNew = person.getId()== null;
personDao.savePerson(person);
//If the person object is NEW, create new ACLs for the object
if(isNew)
{
//Create a new objectIdentity
BasicAclObjectIdentity identity = basicAclProviderManager.createBasicObjectIndentity(person);
//grant permission ADMINISTRATION for role "admin"
basicAclProviderManager.createPermissionForRole(identity,SimpleAclEntry.ADMINISTRATION,Constants.ADMIN_ROLE);
//Grant READ_WRITE permissions for the current user (the user creating this person)
basicAclProviderManager.createPermissionForCurrentUser(identity,SimpleAclEntry.READ_WRITE);
}
}
|
Removing ACLs when deleting a person
Finally, we need to delete the object identity and all permissions, if a person object is deleted:
- Change the method removePerson(String id):
/**
* @see org.appfuse.service.PersonManager#removePerson(java.lang.String)
*/
public void removePerson(String id)
{
personDao.removePerson(Long.valueOf(id));
basicAclProviderManager.deleteBasicAclObjectIdentity(Person.class,id);
}
|
Testing the App
- Redeploy your application
- Login as "mraible" and add a new person
- If you now go to the list screen, you should see the new person
- Logout and login as "tomcat".
- If you now go to the person list, you should see no persons
- Add a new person
- the list view should now contain 1 person
- Logout and login as "mraible"
- The person list should now contain 3 persons (1 already in the DB by the sample-data.xml, 1 added by "mraible" and 1 added by the user "tomcat")
- you can try to hack the app by playing with the URL, but if you (for example) try to save the person with the ID 1, you should get a "Access denied" exception ;)
Next step
Step VIII. How to use the ACLs in your JSPs
|