Class AclEntryAfterInvocationProvider

  extended by
      extended by
All Implemented Interfaces:
MessageSourceAware, AfterInvocationProvider

public class AclEntryAfterInvocationProvider
extends AbstractAclProvider
implements MessageSourceAware

Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the AclService.

The AclService is used to retrieve the access control list (ACL) permissions associated with a domain object instance for the current Authentication object.

This after invocation provider will fire if any ConfigAttribute.getAttribute() matches the AbstractAclProvider.processConfigAttribute. The provider will then lookup the ACLs from the AclService and ensure the principal is Acl.isGranted(Permission[], Sid[], boolean) when presenting the AbstractAclProvider.requirePermission array to that method.

Often users will setup an AclEntryAfterInvocationProvider with a AbstractAclProvider.processConfigAttribute of AFTER_ACL_READ and a AbstractAclProvider.requirePermission of BasePermission.READ. These are also the defaults.

If the principal does not have sufficient permissions, an AccessDeniedException will be thrown.

If the provided returnedObject is null, permission will always be granted and null will be returned.

All comparisons and prefixes are case sensitive.

Field Summary
protected static org.apache.commons.logging.Log logger
protected  MessageSourceAccessor messages
Fields inherited from class
aclService, objectIdentityRetrievalStrategy, processConfigAttribute, processDomainObjectClass, requirePermission, sidRetrievalStrategy
Constructor Summary
AclEntryAfterInvocationProvider(AclService aclService, List<Permission> requirePermission)
AclEntryAfterInvocationProvider(AclService aclService, String processConfigAttribute, List<Permission> requirePermission)
Method Summary
 Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject)
 void setMessageSource(MessageSource messageSource)
Methods inherited from class
getProcessDomainObjectClass, hasPermission, setObjectIdentityRetrievalStrategy, setProcessConfigAttribute, setProcessDomainObjectClass, setSidRetrievalStrategy, supports, supports
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail


protected static final org.apache.commons.logging.Log logger


protected MessageSourceAccessor messages
Constructor Detail


public AclEntryAfterInvocationProvider(AclService aclService,
                                       List<Permission> requirePermission)


public AclEntryAfterInvocationProvider(AclService aclService,
                                       String processConfigAttribute,
                                       List<Permission> requirePermission)
Method Detail


public Object decide(Authentication authentication,
                     Object object,
                     Collection<ConfigAttribute> config,
                     Object returnedObject)
              throws AccessDeniedException
Specified by:
decide in interface AfterInvocationProvider


public void setMessageSource(MessageSource messageSource)
Specified by:
setMessageSource in interface MessageSourceAware

Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.