Product SiteDocumentation Site

Chapter 10. Identity Management - Permissions API and Permission Management

10.1. Overview
10.2. Checking permissions for the current user
10.3. ACL Permissions
10.3.1. Managing ACLs
10.3.2. Configuring resources for ACL usage
10.3.3. Restricting resource operations
10.4. PermissionResolver SPI

10.1. Overview

The Permissions API is a set of extensible authorization features that provide capabilities for determining access privileges for application resources. This chapter describes the ACL (Access Control List) features and the management of persistent resource permissions via the PermissionManager. It also explains how the PermissionResolver SPI can be used to in conjunction with a custom PermissionVoter implementation, allowing you to plugin your own custom authorization logic.
The Permission interface is used in a number of places throughout the Permissions API, and defines the following methods: 
public interface Permission {

    Object getResource();

    Class<?> getResourceClass();

    Serializable getResourceIdentifier();

    IdentityType getAssignee();

    String getOperation();
}
Each permission instance represents a specific resource permission, and contains three important pieces of state:
  • The assignee, which is the identity to which the permission is assigned.
  • The operation, which is a string value that represents the exact action that the assigned identity is allowed to perform.
  • Either a direct reference to the resource (if known), or a combination of a resource class and resource identifier. This value represents the resource to which the permission applies.
Report a bug