Spring Security Framework
java.lang.Object
  org.springframework.security.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider

public class BasicAclEntryAfterInvocationCollectionFilteringProvider

Given a Collection of domain object instances returned from a secure object invocation, remove any Collection elements the principal does not have appropriate permission to access as defined by the AclManager.

The AclManager is used to retrieve the access control list (ACL) permissions associated with each Collection domain object instance element for the current Authentication object.

This class is designed to process only AclEntry instances that are subclasses of BasicAclEntry. Generally these are obtained by using the BasicAclProvider.

This after invocation provider will fire if any ConfigAttribute.getAttribute() matches the processConfigAttribute. The provider will then look up the ACLs from the AclManager and ensure the principal is permitted (BasicAclEntry.isPermitted(int)) for at least one of the requirePermission values for each Collection element. If the principal does not have at least one of the permissions, that element will not be included in the returned Collection.

Often users will set up a BasicAclEntryAfterInvocationProvider with a processConfigAttribute of AFTER_ACL_COLLECTION_READ and a requirePermission of SimpleAclEntry.READ. These are also the defaults.

The AclManager is allowed to return any implementations of AclEntry it wishes. However, this provider will only be able to validate against BasicAclEntry instances, and thus a Collection element will be filtered from the resulting Collection if no AclEntry is of type BasicAclEntry.

If the provided returnObject is null, a null Collection will be returned. If the provided returnObject is not a Collection, an AuthorizationServiceException will be thrown.

All comparisons and prefixes are case sensitive.
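
The filtering rules described above, modelled as an added stand-alone example (not Spring Security's own code). AclEntry, BasicAclEntry, MaskEntry, ForeignEntry, filter and the READ value are simplified stand-ins, aclLookup plays the role of the AclManager, and IllegalArgumentException stands in for AuthorizationServiceException.

```java
import java.util.*;
import java.util.function.Function;

// Added illustration, not Spring Security source. Needs Java 16+ (records, instanceof patterns).
public class AclCollectionFilterDemo {
    // Simplified stand-ins for the framework types named on this page (assumptions).
    interface AclEntry {}
    interface BasicAclEntry extends AclEntry { boolean isPermitted(int permission); }
    record MaskEntry(int mask) implements BasicAclEntry {
        public boolean isPermitted(int p) { return (mask & p) == p; }
    }
    record ForeignEntry() implements AclEntry {} // an AclEntry that is not a BasicAclEntry

    static final int READ = 2; // constructed value standing in for SimpleAclEntry.READ

    // Models the documented decide() contract; aclLookup plays the AclManager's role.
    static Object filter(Object returned, int[] requirePermission,
                         Function<Object, AclEntry[]> aclLookup) {
        if (returned == null) return null; // null in, null out
        if (!(returned instanceof Collection<?> in)) // the real class throws AuthorizationServiceException
            throw new IllegalArgumentException("returned object is not a Collection");
        List<Object> kept = new ArrayList<>();
        for (Object element : in) {
            AclEntry[] acls = aclLookup.apply(element);
            // Assumption: an element with no ACL entries at all is treated as not permitted.
            if (acls != null && permitted(acls, requirePermission)) kept.add(element);
        }
        return kept;
    }

    // True only if some BasicAclEntry grants at least one of the required permissions.
    static boolean permitted(AclEntry[] acls, int[] required) {
        for (AclEntry acl : acls) {
            if (!(acl instanceof BasicAclEntry basic)) continue; // other types cannot be validated
            for (int p : required) if (basic.isPermitted(p)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        Map<Object, AclEntry[]> acls = new HashMap<>(); // constructed sample ACLs
        acls.put("invoice-1", new AclEntry[] { new MaskEntry(READ) });   // READ granted
        acls.put("invoice-2", new AclEntry[] { new MaskEntry(0) });      // nothing granted
        acls.put("invoice-3", new AclEntry[] { new ForeignEntry() });    // no BasicAclEntry
        List<String> returned = List.of("invoice-1", "invoice-2", "invoice-3");
        System.out.println(filter(returned, new int[] { READ }, acls::get));
        System.out.println(filter(null, new int[] { READ }, acls::get));
    }
}
```

Only invoice-1 survives: invoice-2 has a BasicAclEntry without READ, and invoice-3 carries only an entry type the filter cannot validate, so both are dropped rather than passed through.
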

Field Summary | |
---|---|
protected static org.apache.commons.logging.Log | logger - Deprecated. |

Constructor Summary | |
---|---|
BasicAclEntryAfterInvocationCollectionFilteringProvider() - Deprecated. | |

Method Summary | |
---|---|
void | afterPropertiesSet() - Deprecated. |
Object | decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject) - Deprecated. |
AclManager | getAclManager() - Deprecated. |
String | getProcessConfigAttribute() - Deprecated. |
int[] | getRequirePermission() - Deprecated. |
void | setAclManager(AclManager aclManager) - Deprecated. |
void | setProcessConfigAttribute(String processConfigAttribute) - Deprecated. |
void | setProcessDomainObjectClass(Class processDomainObjectClass) - Deprecated. |
void | setRequirePermission(int[] requirePermission) - Deprecated. |
void | setRequirePermissionFromString(String[] requiredPermissions) - Deprecated. Allow setting permissions with String literals instead of integers as setRequirePermission(int[]) |
boolean | supports(Class clazz) - Deprecated. This implementation supports any type of class, because it does not query the presented secure object. |
boolean | supports(ConfigAttribute attribute) - Deprecated. Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute. |

Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |

Field Detail |
---|

protected static final org.apache.commons.logging.Log logger

Constructor Detail |
---|

public BasicAclEntryAfterInvocationCollectionFilteringProvider()

Method Detail |
---|

public void afterPropertiesSet() throws Exception
Specified by: afterPropertiesSet in interface InitializingBean
Throws: Exception

public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject) throws AccessDeniedException
Specified by: decide in interface AfterInvocationProvider
Throws: AccessDeniedException

public AclManager getAclManager()

public String getProcessConfigAttribute()

public int[] getRequirePermission()

public void setAclManager(AclManager aclManager)

public void setProcessConfigAttribute(String processConfigAttribute)

public void setProcessDomainObjectClass(Class processDomainObjectClass)

public void setRequirePermission(int[] requirePermission)

public void setRequirePermissionFromString(String[] requiredPermissions)
Allow setting permissions with String literals instead of integers as setRequirePermission(int[])
Parameters: requiredPermissions - permission literals for valid values

public boolean supports(ConfigAttribute attribute)
Description copied from interface: AfterInvocationProvider
Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute. This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AccessDecisionManager.
Specified by: supports in interface AfterInvocationProvider
Parameters: attribute - a configuration attribute that has been configured against the AbstractSecurityInterceptor
Returns: whether this AfterInvocationProvider can support the passed configuration attribute

public boolean supports(Class clazz)
This implementation supports any type of class, because it does not query the presented secure object.
Specified by: supports in interface AfterInvocationProvider
Parameters: clazz - the secure object
Returns: true