清单 9. 使用访问控制列表服务
public void createNewReport(String title, String content) throws ServiceException {
final Report report = new Report();
report.setTitle(title);
report.setContent(content);
transactionTemplate.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus status) {
reportDao.create(report);
addPermission(report.getId(), new PrincipalSid(getUsername()),
BasePermission.ADMINISTRATION);
return null;
}
});
}
public void grantRead(final String username, final Long reportId) {
transactionTemplate.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus status) {
addPermission(reportId, new PrincipalSid(username), BasePermission.READ);
return null;
}
});
}
private void addPermission(Long reportId, Sid recipient, Permission permission) {
MutableAcl acl;
ObjectIdentity oid = new ObjectIdentityImpl(Report.class, reportId);
try {
acl = (MutableAcl) mutableAclService.readAclById(oid);
} catch (NotFoundException nfe) {
acl = mutableAclService.createAcl(oid);
}
acl.insertAce(acl.getEntries().size(), permission, recipient, true);
mutableAclService.updateAcl(acl);
}
final Report report = new Report();
report.setTitle(title);
report.setContent(content);
transactionTemplate.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus status) {
reportDao.create(report);
addPermission(report.getId(), new PrincipalSid(getUsername()),
BasePermission.ADMINISTRATION);
return null;
}
});
}
public void grantRead(final String username, final Long reportId) {
transactionTemplate.execute(new TransactionCallback<Object>() {
public Object doInTransaction(TransactionStatus status) {
addPermission(reportId, new PrincipalSid(username), BasePermission.READ);
return null;
}
});
}
private void addPermission(Long reportId, Sid recipient, Permission permission) {
MutableAcl acl;
ObjectIdentity oid = new ObjectIdentityImpl(Report.class, reportId);
try {
acl = (MutableAcl) mutableAclService.readAclById(oid);
} catch (NotFoundException nfe) {
acl = mutableAclService.createAcl(oid);
}
acl.insertAce(acl.getEntries().size(), permission, recipient, true);
mutableAclService.updateAcl(acl);
}
代码清单 9中的 addPermission(Long reportId, Sid recipient, Permission permission)方法用来为某个报表添加访问控制权限,参数 reportId表示的是报表的 ID,用来标识一个报表;recipient表示的是需要授权的用户;permission表示的是授予的权限。createNewReport()方法用来创建一个报表,同时给创建报表的用户授予管理权限(BasePermission.ADMINISTRATION)。grantRead()方法用来给某个用户对某个报表授予读权限(BasePermission.READ)。这里需要注意的是,对访问控制列表的操作都需要在一个事务中进行处理。利用 Spring 提供的事务模板(org.springframework.transaction.support.TransactionTemplate)就可以很好的处理事务。对于权限,Spring Security 提供了 4 种基本的权限:读、写、删除和管理。开发人员可以在这基础上定义自己的权限。
在介绍完访问控制列表之后,下面介绍 Spring Security 提供的 JSP 标签库。
