From 9972c69408ae4155065bc4fbd4f65cb4fe9a84a5 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Mon, 15 Nov 2004 01:40:18 +0000 Subject: [PATCH] Support Authentication.getPrincipal() of UserDetails and improve logging. --- ...GrantedAuthorityEffectiveAclsResolver.java | 55 ++++++++++++++++++- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java b/core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java index 9a9ccf8a5a..b66276c2a1 100644 --- a/core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java +++ b/core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java @@ -17,8 +17,12 @@ package net.sf.acegisecurity.acl.basic; import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.GrantedAuthority; +import net.sf.acegisecurity.UserDetails; import net.sf.acegisecurity.acl.AclEntry; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + import java.util.List; import java.util.Vector; @@ -55,6 +59,10 @@ import java.util.Vector; */ public class GrantedAuthorityEffectiveAclsResolver implements EffectiveAclsResolver { + //~ Static fields/initializers ============================================= + + private static final Log logger = LogFactory.getLog(GrantedAuthorityEffectiveAclsResolver.class); + //~ Methods ================================================================ public AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, @@ -65,17 +73,39 @@ public class GrantedAuthorityEffectiveAclsResolver List list = new Vector(); + if (logger.isDebugEnabled()) { + logger.debug("Locating AclEntry[]s (from set of " + + ((allAcls == null) ? 0 : allAcls.length) + + ") that apply to Authentication: " + filteredBy); + } + for (int i = 0; i < allAcls.length; i++) { - if (!(allAcls[i] instanceof BasicAclEntry)) { + if (!(allAcls[i] instanceof AbstractBasicAclEntry)) { continue; } - Object recipient = ((BasicAclEntry) allAcls[i]).getRecipient(); + Object recipient = ((AbstractBasicAclEntry) allAcls[i]) + .getRecipient(); // Allow the Authentication's getPrincipal to decide whether // the presented recipient is "equal" (allows BasicAclDaos to // return Strings rather than proper objects in simple cases) if (filteredBy.getPrincipal().equals(recipient)) { + if (logger.isDebugEnabled()) { + logger.debug("Principal matches AclEntry recipient: " + + recipient); + } + + list.add(allAcls[i]); + } else if (filteredBy.getPrincipal() instanceof UserDetails + && ((UserDetails) filteredBy.getPrincipal()).getUsername() + .equals(recipient)) { + if (logger.isDebugEnabled()) { + logger.debug( + "Principal (from UserDetails) matches AclEntry recipient: " + + recipient); + } + list.add(allAcls[i]); } else { // No direct match against principal; try each authority. @@ -85,11 +115,22 @@ public class GrantedAuthorityEffectiveAclsResolver GrantedAuthority[] authorities = filteredBy.getAuthorities(); if ((authorities == null) || (authorities.length == 0)) { + if (logger.isDebugEnabled()) { + logger.debug( + "Did not match principal and there are no granted authorities, so cannot compare with recipient: " + + recipient); + } + continue; } for (int k = 0; k < authorities.length; k++) { if (authorities[k].equals(recipient)) { + if (logger.isDebugEnabled()) { + logger.debug("GrantedAuthority: " + authorities[k] + + " matches recipient: " + recipient); + } + list.add(allAcls[i]); } } @@ -98,8 +139,18 @@ public class GrantedAuthorityEffectiveAclsResolver // return null if appropriate (as per interface contract) if (list.size() > 0) { + if (logger.isDebugEnabled()) { + logger.debug("Returning effective AclEntry array with " + + list.size() + " elements"); + } + return (BasicAclEntry[]) list.toArray(new BasicAclEntry[] {}); } else { + if (logger.isDebugEnabled()) { + logger.debug( + "Returning null AclEntry array as zero effective AclEntrys found"); + } + return null; } }