Package com.netflix.spinnaker.security

Class AbstractPermissionEvaluator

java.lang.Object

com.netflix.spinnaker.security.AbstractPermissionEvaluator

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, org.springframework.security.access.PermissionEvaluator

public abstract class AbstractPermissionEvaluator
extends Object
implements org.springframework.security.access.PermissionEvaluator

Base implementation for permission evaluators that support AccessControlled domain objects.

Constructor Summary

Constructors

Constructor	Description
AbstractPermissionEvaluator()

Method Summary

Modifier and Type	Method	Description
abstract boolean	hasPermission(String username, Serializable targetId, String targetType, Object permission)	Alternative method for evaluating a permission where only the identifier of the user and target object is available, rather than the authenticated user and target objects themselves.
boolean	hasPermission(org.springframework.security.core.Authentication authentication, Serializable targetId, String targetType, Object permission)
boolean	hasPermission(org.springframework.security.core.Authentication authentication, Object targetDomainObject, Object permission)
protected boolean	isDisabled()	Indicates whether permission evaluation is disabled.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AbstractPermissionEvaluator

public AbstractPermissionEvaluator()

Method Details

hasPermission

public boolean hasPermission(org.springframework.security.core.Authentication authentication,
 Object targetDomainObject,
 Object permission)

Specified by:

hasPermission in interface org.springframework.security.access.PermissionEvaluator

hasPermission

public boolean hasPermission(org.springframework.security.core.Authentication authentication,
 Serializable targetId,
 String targetType,
 Object permission)

Specified by:

hasPermission in interface org.springframework.security.access.PermissionEvaluator

isDisabled

protected boolean isDisabled()

Indicates whether permission evaluation is disabled. When this is true, hasPermission calls should return true. This should be overridden to allow for toggling this evaluator at runtime.

hasPermission

public abstract boolean hasPermission(String username,
 Serializable targetId,
 String targetType,
 Object permission)

Alternative method for evaluating a permission where only the identifier of the user and target object is available, rather than the authenticated user and target objects themselves.

Parameters:

username - identifier for user to check permissions for

targetId - identifier of the target resource to check permissions

targetType - the type of the target resource being checked

permission - the permission being validated

Returns:

true if the permission is granted