@Transactional
// @Secured({"ROLE_ADMIN", "IP_LOCAL_HOST"})
@Secured("ACL_MESSAGE_DELETE")
public synchronized void deleteMessage(Message message) {
messages.remove(message.getId());
ObjectIdentity oid = new ObjectIdentityImpl(Message.class, message.getId());
mutableAclService.deleteAcl(oid, false);
}
@Transactional
@Secured("ROLE_USER")
public synchronized void postMessage(Message message) {
message.setId(System.currentTimeMillis());
messages.put(message.getId(), message);
ObjectIdentity oid = new ObjectIdentityImpl(Message.class, message.getId());
MutableAcl acl = mutableAclService.createAcl(oid);
acl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(message.getAuthor()), true);
acl.insertAce(1, BasePermission.DELETE, new GrantedAuthoritySid("ROLE_ADMIN"), true);
acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER"), true);
mutableAclService.updateAcl(acl);
}