Support Authentication.getPrincipal() of UserDetails and improve logging.
This commit is contained in:
Ben Alex
parent
e462c5a201
commit
9972c69408
|
|
@ -17,8 +17,12 @@ package net.sf.acegisecurity.acl.basic;
|
|||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.UserDetails;
|
||||
import net.sf.acegisecurity.acl.AclEntry;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
|
|
@ -55,6 +59,10 @@ import java.util.Vector;
|
|||
*/
|
||||
public class GrantedAuthorityEffectiveAclsResolver
|
||||
implements EffectiveAclsResolver {
|
||||
//~ Static fields/initializers =============================================
|
||||
|
||||
private static final Log logger = LogFactory.getLog(GrantedAuthorityEffectiveAclsResolver.class);
|
||||
|
||||
//~ Methods ================================================================
|
||||
|
||||
public AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls,
|
||||
|
|
@ -65,17 +73,39 @@ public class GrantedAuthorityEffectiveAclsResolver
|
|||
|
||||
List list = new Vector();
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Locating AclEntry[]s (from set of "
|
||||
+ ((allAcls == null) ? 0 : allAcls.length)
|
||||
+ ") that apply to Authentication: " + filteredBy);
|
||||
}
|
||||
|
||||
for (int i = 0; i < allAcls.length; i++) {
|
||||
if (!(allAcls[i] instanceof BasicAclEntry)) {
|
||||
if (!(allAcls[i] instanceof AbstractBasicAclEntry)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
Object recipient = ((BasicAclEntry) allAcls[i]).getRecipient();
|
||||
Object recipient = ((AbstractBasicAclEntry) allAcls[i])
|
||||
.getRecipient();
|
||||
|
||||
// Allow the Authentication's getPrincipal to decide whether
|
||||
// the presented recipient is "equal" (allows BasicAclDaos to
|
||||
// return Strings rather than proper objects in simple cases)
|
||||
if (filteredBy.getPrincipal().equals(recipient)) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Principal matches AclEntry recipient: "
|
||||
+ recipient);
|
||||
}
|
||||
|
||||
list.add(allAcls[i]);
|
||||
} else if (filteredBy.getPrincipal() instanceof UserDetails
|
||||
&& ((UserDetails) filteredBy.getPrincipal()).getUsername()
|
||||
.equals(recipient)) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"Principal (from UserDetails) matches AclEntry recipient: "
|
||||
+ recipient);
|
||||
}
|
||||
|
||||
list.add(allAcls[i]);
|
||||
} else {
|
||||
// No direct match against principal; try each authority.
|
||||
|
|
@ -85,11 +115,22 @@ public class GrantedAuthorityEffectiveAclsResolver
|
|||
GrantedAuthority[] authorities = filteredBy.getAuthorities();
|
||||
|
||||
if ((authorities == null) || (authorities.length == 0)) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"Did not match principal and there are no granted authorities, so cannot compare with recipient: "
|
||||
+ recipient);
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
for (int k = 0; k < authorities.length; k++) {
|
||||
if (authorities[k].equals(recipient)) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("GrantedAuthority: " + authorities[k]
|
||||
+ " matches recipient: " + recipient);
|
||||
}
|
||||
|
||||
list.add(allAcls[i]);
|
||||
}
|
||||
}
|
||||
|
|
@ -98,8 +139,18 @@ public class GrantedAuthorityEffectiveAclsResolver
|
|||
|
||||
// return null if appropriate (as per interface contract)
|
||||
if (list.size() > 0) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Returning effective AclEntry array with "
|
||||
+ list.size() + " elements");
|
||||
}
|
||||
|
||||
return (BasicAclEntry[]) list.toArray(new BasicAclEntry[] {});
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(
|
||||
"Returning null AclEntry array as zero effective AclEntrys found");
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue