Examples of org.jboss.security.acl.ACLProvider

• org.jboss.security.acl.ACLProvider

  An ACLProvider is responsible for the management of the ACLs associated to the resources being protected. Implementations of this interface will tipically interact with some sort of repository, where the ACLs are stored.

  @author Stefan Guilhen

   private ACLProvider instantiateModule(String name,
         Map<String,Object> map)
   throws PrivilegedActionException
   {
      ACLProvider am = null;
      ClassLoader tcl = SecurityActions.getContextClassLoader();
      try
      {
         Class<?> clazz = tcl.loadClass(name);
         am = (ACLProvider)clazz.newInstance();
      }
      catch ( Exception e)
      {
         log.debug("Error instantiating AuthorizationModule:",e);
      }
      if(am == null)
         throw new IllegalStateException("ACLProvider has not " +
               "been instantiated");
      am.initialize(this.sharedState,map);
      return am;
   }

   {
      Set<T> entitlements = new HashSet<T>();
      int length = modules.size();
      for(int i = 0; i < length; i++)
      {
         ACLProvider module = (ACLProvider)modules.get(i);
         try
         {
            Set<T> er = module.getEntitlements(clazz, resource, identity);
            if(er == null)
               throw new AuthorizationException("module "+module.getClass().getName()
                     +" generated null entitlements.");
            entitlements.addAll(er);
         }
         catch(Exception ae)
         {

   throws AuthorizationException
   {
      int length = modules.size();
      for(int i = 0; i < length; i++)
      {
         ACLProvider module = (ACLProvider)modules.get(i);
         boolean bool = module.tearDown();
         if(!bool)
            throw new AuthorizationException("TearDown on module failed:"+module.getClass());
      }
      modules.clear();
   }

      }
   }

   private ACLProvider instantiateModule(String name, Map<String, Object> map) throws PrivilegedActionException
   {
      ACLProvider am = null;
      ClassLoader tcl = SecurityActions.getContextClassLoader();
      try
      {
         Class<?> clazz = tcl.loadClass(name);
         am = (ACLProvider) clazz.newInstance();
      }
      catch (Exception e)
      {
         log.debug("Error instantiating AuthorizationModule:", e);
      }
      if (am == null)
         throw new IllegalStateException("ACLProvider has not " + "been instantiated");
      am.initialize(this.sharedState, map);
      return am;
   }

   {
      Set<T> entitlements = new HashSet<T>();
      int length = modules.size();
      for (int i = 0; i < length; i++)
      {
         ACLProvider module = modules.get(i);
         try
         {
            Set<T> er = module.getEntitlements(clazz, resource, identity);
            if (er == null)
               throw new AuthorizationException("module " + module.getClass().getName()
                     + " generated null entitlements.");
            entitlements.addAll(er);
         }
         catch (Exception ae)
         {

      boolean encounteredRequiredError = false;
      int overallDecision = DENY;

      for (int i = 0; i < super.modules.size(); i++)
      {
         ACLProvider module = super.modules.get(i);
         ControlFlag flag = super.controlFlags.get(i);
         int decision = DENY;
         try
         {
            decision = module.isAccessGranted(resource, identity, permission) ? PERMIT : DENY;
            if (trace)
               log.trace("ACL module " + module.getClass().getName() + (decision == PERMIT ? " granted " : " denied ")
                     + "access to resource " + resource);
            // if decision is PERMIT and module is SUFFICIENT, the overall result is PERMIT.
            if (decision == PERMIT)
            {
               overallDecision = PERMIT;

   private void invokeTeardown() throws AuthorizationException
   {
      int length = modules.size();
      for (int i = 0; i < length; i++)
      {
         ACLProvider module = modules.get(i);
         boolean bool = module.tearDown();
         if (!bool)
            throw new AuthorizationException("TearDown on module failed:" + module.getClass());
      }
      modules.clear();
   }

    * @throws Exception if an error occurs while running the test.
    */
   public void testACLProvider() throws Exception
   {
      // create the RoleBasedACLProvider instance.
      ACLProvider provider = new RoleBasedACLProviderImpl();
      provider.setPersistenceStrategy(this.strategy);

      // as john has role 2, he should be able to update resource 0.
      assertTrue(provider.isAccessGranted(this.resources[0], this.identity, BasicACLPermission.UPDATE));
      // none of john's roles has DELETE permission, so he should not be able to delete resource 0.
      assertFalse(provider.isAccessGranted(this.resources[0], this.identity, BasicACLPermission.DELETE));

      // now create a new identity for john that has no roles. The role-based provider should now use the
      // identity name (default impl) when checking for permissions.
      Identity identity = IdentityFactory.createIdentity("john");
      assertTrue(provider.isAccessGranted(this.resources[1], identity, new CompositeACLPermission(BasicACLPermission
            .values())));
      // access should be denied to resource 0, as that one has an ACL based on the roles.
      assertFalse(provider.isAccessGranted(this.resources[0], identity, BasicACLPermission.READ));
   }