Examples of org.jboss.security.acl.RoleBasedACLProviderImpl

• org.jboss.security.acl.RoleBasedACLProviderImpl

  Implementation of {@code ACLProvider} that uses the identity roles when checking if access to a protected resourceshould be granted or not. If no roles are associated with the specified identity, then the default implementation, which is based on the identity name, is used. Otherwise, {@code #isAccessGranted()} iterates over the roles and ifone of the roles has sufficient permissions, then access is granted.

  @author Stefan Guilhen

    * @throws Exception if an error occurs while running the test.
    */
   public void testACLProvider() throws Exception
   {
      // create the RoleBasedACLProvider instance.
      ACLProvider provider = new RoleBasedACLProviderImpl();
      provider.setPersistenceStrategy(this.strategy);

      // as john has role 2, he should be able to update resource 0.
      assertTrue(provider.isAccessGranted(this.resources[0], this.identity, BasicACLPermission.UPDATE));
      // none of john's roles has DELETE permission, so he should not be able to delete resource 0.
      assertFalse(provider.isAccessGranted(this.resources[0], this.identity, BasicACLPermission.DELETE));

      // now create a new identity for john that has no roles. The role-based provider should now use the
      // identity name (default impl) when checking for permissions.
      Identity identity = IdentityFactory.createIdentity("john");
      assertTrue(provider.isAccessGranted(this.resources[1], identity, new CompositeACLPermission(BasicACLPermission
            .values())));
      // access should be denied to resource 0, as that one has an ACL based on the roles.
      assertFalse(provider.isAccessGranted(this.resources[0], identity, BasicACLPermission.READ));
   }