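package com.wooki.domain.biz;

import java.util.List;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

import com.wooki.domain.model.WookiEntity;

/**
 * Grants and revokes Spring Security ACL entries on {@link WookiEntity} instances.
 *
 * <p>Each operation reads (or creates) the ACL for the entity's {@link ObjectIdentity},
 * mutates it in memory and persists it through {@link MutableAclService#updateAcl}. The
 * persisted ACL is what later access decisions are evaluated against, so a revocation that
 * silently misses an entry leaves that grant in force; {@link #deletePermission} therefore
 * inspects every entry and removes all that match.
 *
 * <p>Two callers updating the ACL of the same object identity race on the read-modify-write
 * cycle; no locking is done here. {@code mutableAclService} must be injected before use.
 */
public class AclManagerImpl implements AclManager {

    // Logger category intentionally stays on the interface so existing log configuration still applies.
    private static final Logger logger = LoggerFactory.getLogger(AclManager.class);

    private MutableAclService mutableAclService;

    /**
     * Grants {@code permission} on {@code secureObject} to the currently authenticated principal.
     *
     * @param secureObject the domain object whose ACL is modified
     * @param permission   the permission to grant
     * @param clazz        the class whose canonical name becomes the ACL object-identity type
     * @throws IllegalStateException if no authenticated principal is present in the security context
     */
    public void addPermission(WookiEntity secureObject, Permission permission, Class<?> clazz) {
        addPermission(secureObject, new PrincipalSid(getUsername()), permission, clazz);
    }

    /**
     * Grants {@code permission} on {@code securedObject} to {@code recipient}.
     *
     * <p>The ACL is created on first use when none exists yet. The new granting ACE is appended
     * after all existing entries, so entries already in the list keep their precedence.
     *
     * @param securedObject the domain object whose ACL is modified
     * @param recipient     the SID receiving the permission
     * @param permission    the permission to grant
     * @param clazz         the class whose canonical name becomes the ACL object-identity type
     */
    public void addPermission(WookiEntity securedObject, Sid recipient, Permission permission, Class<?> clazz) {
        ObjectIdentity oid = new ObjectIdentityImpl(clazz.getCanonicalName(), securedObject.getId());
        MutableAcl acl;
        try {
            acl = (MutableAcl) mutableAclService.readAclById(oid);
        } catch (NotFoundException nfe) {
            // First permission for this object: start with an empty ACL.
            acl = mutableAclService.createAcl(oid);
        }

        // Append at the end; some implementations may report "no entries" as null rather than an empty list.
        List<AccessControlEntry> existing = acl.getEntries();
        int insertAt = existing != null ? existing.size() : 0;
        acl.insertAce(insertAt, permission, recipient, true);
        mutableAclService.updateAcl(acl);

        logger.debug("Added permission {} for Sid {} securedObject {}", permission, recipient, securedObject);
    }

    /**
     * Revokes every ACE on {@code securedObject} whose SID equals {@code recipient} and whose
     * permission equals {@code permission} (granting and denying entries alike).
     *
     * <p>Matching uses {@link Object#equals} on both the SID and the permission. The entry list
     * is walked from the last index to the first so that {@code deleteAce(i)} never shifts the
     * position of an entry that has not been examined yet, whether {@code getEntries()} returned
     * the live list or a snapshot. Entries for other recipients, or other permissions of the same
     * recipient, are left untouched.
     *
     * @param securedObject the domain object whose ACL is modified
     * @param recipient     the SID whose permission is revoked
     * @param permission    the permission to revoke
     * @param clazz         the class whose canonical name becomes the ACL object-identity type
     * @throws NotFoundException if no ACL exists for the object identity
     */
    public void deletePermission(WookiEntity securedObject, Sid recipient, Permission permission, Class<?> clazz) {
        ObjectIdentity oid = new ObjectIdentityImpl(clazz.getCanonicalName(), securedObject.getId());
        MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);

        List<AccessControlEntry> entries = acl.getEntries();
        if (entries != null) {
            // Reverse iteration: index i must refer to the same entry in the ACL after earlier deletions.
            for (int i = entries.size() - 1; i >= 0; i--) {
                AccessControlEntry entry = entries.get(i);
                if (entry.getSid().equals(recipient) && entry.getPermission().equals(permission)) {
                    acl.deleteAce(i);
                }
            }
        }
        mutableAclService.updateAcl(acl);

        logger.debug("Deleted securedObject {} ACL permissions for recipient {}", securedObject, recipient);
    }

    /**
     * Resolves the user name of the principal held in the current {@link SecurityContextHolder}.
     *
     * @return {@link UserDetails#getUsername()} when the principal is a {@code UserDetails},
     *         otherwise the principal's {@code toString()}
     * @throws IllegalStateException if the context carries no authentication or no principal,
     *         reported explicitly instead of surfacing as a bare {@code NullPointerException}
     */
    protected String getUsername() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || auth.getPrincipal() == null) {
            throw new IllegalStateException("No authenticated principal available in the security context");
        }
        Object principal = auth.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return principal.toString();
    }

    /**
     * @return the ACL service used to read, create and persist ACLs
     */
    public MutableAclService getMutableAclService() {
        return mutableAclService;
    }

    /**
     * @param mutableAclService the ACL service used to read, create and persist ACLs
     */
    public void setMutableAclService(MutableAclService mutableAclService) {
        this.mutableAclService = mutableAclService;
    }
}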