To use the ACL capabilities for an object, the manager for this object has to be changed, too. It has to take care of creating ACLs for a new object, as well as deleting them if an existing object gets deleted.

For the PersonManager to be able to change ACLs, it needs a reference to the ACL-manager. This results in the following method definition:

private BasicAclProviderManager basicAclProviderManager;
 
public void setBasicAclProviderManager(BasicAclProviderManager basicAclProviderManager) {
	this.basicAclProviderManager = basicAclProviderManager;
}

The Spring configuration of the PersonManager has to be changed like this:

<bean id="personManager" class="org.appfuse.service.impl.PersonManagerImpl">
	<constructor-arg ref="personDao"/>
	<property name="basicAclProviderManager" ref="basicAclProviderManager"/>
</bean>

If a new Person-object gets persisted, ACL entries have to be created:

public Person savePerson(Person person) {
	boolean isNew = person.getId()== null;
	Person savedPerson = personDao.save(person);
 
	// If the person object is NEW, create new ACLs for the object 
	if(isNew) {
		// Create a new objectIdentity
		BasicAclObjectIdentity identity = basicAclProviderManager.createBasicObjectIndentity(savedPerson);
		// grant permission ADMINISTRATION for role "admin"
		basicAclProviderManager.createPermissionForRole(identity, SimpleAclEntry.ADMINISTRATION, Constants.ADMIN_ROLE);
		// Grant READ_WRITE permissions for the current user (the user creating this person)
		basicAclProviderManager.createPermissionForCurrentUser(identity, SimpleAclEntry.READ_WRITE_DELETE);
	}
	return savedPerson;
}

If an existing Person-object gets deleted, all attached ACL entries hava to be deleted:

public void removePerson(Long id) {
	basicAclProviderManager.deleteBasicAclObjectIdentity(Person.class, id);
	personDao.remove(id);
}