Class AclEntryAfterInvocationProvider
- All Implemented Interfaces:
org.springframework.beans.factory.Aware,org.springframework.context.MessageSourceAware,AfterInvocationProvider
AclService.
The AclService is used to retrieve the access control list (ACL)
permissions associated with a domain object instance for the current
Authentication object.
This after invocation provider will fire if any ConfigAttribute.getAttribute()
matches the AbstractAclProvider.processConfigAttribute. The provider will then lookup the ACLs
from the AclService and ensure the principal is
Acl.isGranted(List, List, boolean) when presenting the AbstractAclProvider.requirePermission
array to that method.
Often users will set up an AclEntryAfterInvocationProvider with a
AbstractAclProvider.processConfigAttribute of AFTER_ACL_READ and a
AbstractAclProvider.requirePermission of BasePermission.READ. These are also the
defaults.
If the principal does not have sufficient permissions, an
AccessDeniedException will be thrown.
If the provided returnedObject is null, permission will always be
granted and null will be returned.
All comparisons and prefixes are case sensitive.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected static final org.apache.commons.logging.LogDeprecated.protected org.springframework.context.support.MessageSourceAccessorDeprecated.Fields inherited from class org.springframework.security.acls.afterinvocation.AbstractAclProvider
aclService, objectIdentityRetrievalStrategy, processConfigAttribute, processDomainObjectClass, requirePermission, sidRetrievalStrategy -
Constructor Summary
ConstructorsConstructorDescriptionAclEntryAfterInvocationProvider(AclService aclService, String processConfigAttribute, List<Permission> requirePermission) Deprecated.AclEntryAfterInvocationProvider(AclService aclService, List<Permission> requirePermission) Deprecated. -
Method Summary
Modifier and TypeMethodDescriptiondecide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject) Deprecated.voidsetMessageSource(org.springframework.context.MessageSource messageSource) Deprecated.Methods inherited from class org.springframework.security.acls.afterinvocation.AbstractAclProvider
getProcessDomainObjectClass, hasPermission, setObjectIdentityRetrievalStrategy, setProcessConfigAttribute, setProcessDomainObjectClass, setSidRetrievalStrategy, supports, supports
-
Field Details
-
logger
protected static final org.apache.commons.logging.Log loggerDeprecated. -
messages
protected org.springframework.context.support.MessageSourceAccessor messagesDeprecated.
-
-
Constructor Details
-
AclEntryAfterInvocationProvider
Deprecated. -
AclEntryAfterInvocationProvider
public AclEntryAfterInvocationProvider(AclService aclService, String processConfigAttribute, List<Permission> requirePermission) Deprecated.
-
-
Method Details
-
decide
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject) throws AccessDeniedException Deprecated.- Specified by:
decidein interfaceAfterInvocationProvider- Throws:
AccessDeniedException
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource) Deprecated.- Specified by:
setMessageSourcein interfaceorg.springframework.context.MessageSourceAware
-
AclPermissionEvaluatorinstead. Spring Method Security annotations may also prove useful, for example@PostAuthorize("hasPermission(filterObject, read)")