BasicAclEntryAfterInvocationProvider (Spring Security 2.0.6.RELEASE API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Spring Security Framework

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.afterinvocation
Class BasicAclEntryAfterInvocationProvider

java.lang.Object
  org.springframework.security.afterinvocation.BasicAclEntryAfterInvocationProvider

All Implemented Interfaces:: InitializingBean, MessageSourceAware, AfterInvocationProvider

Deprecated. Use new spring-security-acl module instead

public class BasicAclEntryAfterInvocationProvider
extends Object
implements AfterInvocationProvider, InitializingBean, MessageSourceAware
extends Object
implements AfterInvocationProvider, InitializingBean, MessageSourceAware

Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the AclManager.

The AclManager is used to retrieve the access control list (ACL) permissions associated with a domain object instance for the current Authentication object. This class is designed to process AclEntrys that are subclasses of BasicAclEntry only. Generally these are obtained by using the BasicAclProvider.

This after invocation provider will fire if any ConfigAttribute.getAttribute() matches the processConfigAttribute. The provider will then lookup the ACLs from the AclManager and ensure the principal is BasicAclEntry.isPermitted(int) for at least one of the requirePermissions.

Often users will setup a BasicAclEntryAfterInvocationProvider with a processConfigAttribute of AFTER_ACL_READ and a requirePermission of SimpleAclEntry.READ. These are also the defaults.

If the principal does not have sufficient permissions, an AccessDeniedException will be thrown.

The AclManager is allowed to return any implementations of AclEntry it wishes. However, this provider will only be able to validate against BasicAclEntrys, and thus access will be denied if no AclEntry is of type BasicAclEntry.

If the provided returnObject is null, permission will always be granted and null will be returned.

All comparisons and prefixes are case sensitive.

Field Summary
`protected static org.apache.commons.logging.Log`	`logger` Deprecated.
`protected MessageSourceAccessor`	`messages` Deprecated.

Constructor Summary
`BasicAclEntryAfterInvocationProvider()` Deprecated.

Method Summary
`void`	`afterPropertiesSet()` Deprecated.
`Object`	`decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)` Deprecated.
`AclManager`	`getAclManager()` Deprecated.
`String`	`getProcessConfigAttribute()` Deprecated.
`int[]`	`getRequirePermission()` Deprecated.
`void`	`setAclManager(AclManager aclManager)` Deprecated.
`void`	`setMessageSource(MessageSource messageSource)` Deprecated.
`void`	`setProcessConfigAttribute(String processConfigAttribute)` Deprecated.
`void`	`setProcessDomainObjectClass(Class processDomainObjectClass)` Deprecated.
`void`	`setRequirePermission(int[] requirePermission)` Deprecated.
`void`	`setRequirePermissionFromString(String[] requiredPermissions)` Deprecated. Allow setting permissions with String literals instead of integers as `setRequirePermission(int[])`
`boolean`	`supports(Class clazz)` Deprecated. This implementation supports any type of class, because it does not query the presented secure object.
`boolean`	`supports(ConfigAttribute attribute)` Deprecated. Indicates whether this `AfterInvocationProvider` is able to participate in a decision involving the passed `ConfigAttribute`.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

logger

protected static final org.apache.commons.logging.Log logger

Deprecated.

messages

protected MessageSourceAccessor messages

Deprecated.

Constructor Detail