Examples of org.acegisecurity.acls.sid.PrincipalSid

• org.acegisecurity.acls.sid.PrincipalSid
  Represents an Authentication.getPrincipal() as a Sid.

  This is a basic implementation that simply uses the String-based principal for Sid comparison. More complex principal objects may wish to provide an alternative Sid implementation that uses some other identifier.

  @author Ben Alex @version $Id: PrincipalSid.java 1754 2006-11-17 02:01:21Z benalex $

     *      true or false if {@link #hasPermission(Sid, Permission)} returns it.
     *      Otherwise null, indicating that this ACL doesn't have any entry for it.
     */
    protected Boolean _hasPermission(Authentication a, Permission permission) {
        // ACL entries for this principal takes precedence
        Boolean b = hasPermission(new PrincipalSid(a),permission);
        if(LOGGER.isLoggable(FINER))
            LOGGER.finer("hasPermission(PrincipalSID:"+a.getPrincipal()+","+permission+")=>"+b);
        if(b!=null)
            return b;

            throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
        }

        // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        PrincipalSid sid = new PrincipalSid(auth);

        // Create the acl_object_identity row
        createObjectIdentity(objectIdentity, sid);

        // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)

            boolean entriesInheriting = rs.getBoolean("ENTRIES_INHERITING");
            Sid owner;

            if (rs.getBoolean("ACL_PRINCIPAL")) {
                owner = new PrincipalSid(rs.getString("ACL_SID"));
            } else {
                owner = new GrantedAuthoritySid(rs.getString("ACL_SID"));
            }

            acl = new AclImpl(objectIdentity, id, aclAuthorizationStrategy, auditLogger, parentAcl, null,
                    entriesInheriting, owner);
            acls.put(id, acl);
        }

        // Add an extra ACE to the ACL (ORDER BY maintains the ACE list order)
        // It is permissable to have no ACEs in an ACL (which is detected by a null ACE_SID)
        if (rs.getString("ACE_SID") != null) {
            Long aceId = new Long(rs.getLong("ACE_ID"));
            Sid recipient;

            if (rs.getBoolean("ACE_PRINCIPAL")) {
                recipient = new PrincipalSid(rs.getString("ACE_SID"));
            } else {
                recipient = new GrantedAuthoritySid(rs.getString("ACE_SID"));
            }

            Permission permission = BasePermission.buildFromMask(rs.getInt("MASK"));

        }

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        // Check if authorized by virtue of ACL ownership
        Sid currentUser = new PrincipalSid(authentication);

        if (currentUser.equals(acl.getOwner())
                && ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) {
            return;
        }

        // Not authorized by ACL ownership; try via adminstrative permissions

        // Create the Contact itself
        contact.setId(new Long(counter++));
        contactDao.create(contact);

        // Grant the current principal administrative permission to the contact
        addPermission(contact, new PrincipalSid(getUsername()), BasePermission.ADMINISTRATION);

        if (logger.isDebugEnabled()) {
            logger.debug("Created contact " + contact + " and granted admin permission to recipient " + getUsername());
        }
    }

    protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object command,
        BindException errors) throws Exception {
        AddPermission addPermission = (AddPermission) command;

        PrincipalSid sid = new PrincipalSid(addPermission.getRecipient());
        Permission permission = BasePermission.buildFromMask(addPermission.getPermission().intValue());

        try {
            contactManager.addPermission(addPermission.getContact(), sid, permission);
        } catch (DataAccessException existingPermission) {

        String sid = RequestUtils.getRequiredStringParameter(request, "sid");
        int mask = RequestUtils.getRequiredIntParameter(request, "permission");

        Contact contact = contactManager.getById(new Long(contactId));

        Sid sidObject = new PrincipalSid(sid);
        Permission permission = BasePermission.buildFromMask(mask);

        contactManager.deletePermission(contact, sidObject, permission);

        Map model = new HashMap();

    }

    private void changeOwner(int contactNumber, String newOwnerUsername) {
        AclImpl acl = (AclImpl) mutableAclService.readAclById(new ObjectIdentityImpl(Contact.class,
                    new Long(contactNumber)));
        acl.setOwner(new PrincipalSid(newOwnerUsername));
        updateAclInTransaction(acl);
    }

    }

    private void grantPermissions(int contactNumber, String recipientUsername, Permission permission) {
        AclImpl acl = (AclImpl) mutableAclService.readAclById(new ObjectIdentityImpl(Contact.class,
                    new Long(contactNumber)));
        acl.insertAce(null, permission, new PrincipalSid(recipientUsername), true);
        updateAclInTransaction(acl);
    }

     *      true or false if {@link #hasPermission(Sid, Permission)} returns it.
     *      Otherwise null, indicating that this ACL doesn't have any entry for it.
     */
    protected Boolean _hasPermission(Authentication a, Permission permission) {
        // ACL entries for this principal takes precedence
        Boolean b = hasPermission(new PrincipalSid(a),permission);
        if(b!=null) {
            if(LOGGER.isLoggable(FINER))
                LOGGER.finer("hasPermission(PrincipalSID:"+a.getPrincipal()+","+permission+")=>"+b);
            return b;
        }