org.springframework.security.acls.afterinvocation
Class AclEntryAfterInvocationProvider
java.lang.Object
   org.springframework.security.acls.afterinvocation.AbstractAclProvider
org.springframework.security.acls.afterinvocation.AbstractAclProvider
       org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- All Implemented Interfaces: 
- MessageSourceAware, AfterInvocationProvider
- public class AclEntryAfterInvocationProvider 
- extends AbstractAclProvider- implements MessageSourceAware
Given a domain object instance returned from a secure object invocation, ensures the principal has
 appropriate permission as defined by the AclService.
 
 The AclService is used to retrieve the access control list (ACL) permissions associated with a
 domain object instance for the current Authentication object.
 
 This after invocation provider will fire if any  ConfigAttribute.getAttribute() matches the AbstractAclProvider.processConfigAttribute. The provider will then lookup the ACLs from the AclService and ensure the
 principal is Acl.isGranted(List, List, boolean) when presenting the AbstractAclProvider.requirePermission array to that method.
 
 Often users will set up an AclEntryAfterInvocationProvider with a AbstractAclProvider.processConfigAttribute of AFTER_ACL_READ and a AbstractAclProvider.requirePermission of
 BasePermission.READ. These are also the defaults.
 
 If the principal does not have sufficient permissions, an AccessDeniedException will be thrown.
 
 If the provided returnedObject is null, permission will always be granted and
 null will be returned.
 
 All comparisons and prefixes are case sensitive.
 
 
 
 
 
| Methods inherited from class java.lang.Object | 
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait | 
 
logger
protected static final org.apache.commons.logging.Log logger
messages
protected MessageSourceAccessor messages
AclEntryAfterInvocationProvider
public AclEntryAfterInvocationProvider(AclService aclService,
                                       List<Permission> requirePermission)
AclEntryAfterInvocationProvider
public AclEntryAfterInvocationProvider(AclService aclService,
                                       String processConfigAttribute,
                                       List<Permission> requirePermission)
decide
public Object decide(Authentication authentication,
                     Object object,
                     Collection<ConfigAttribute> config,
                     Object returnedObject)
              throws AccessDeniedException
- 
- Specified by:
- decidein interface- AfterInvocationProvider
 
- 
- Throws:
- AccessDeniedException
 
setMessageSource
public void setMessageSource(MessageSource messageSource)
- 
- Specified by:
- setMessageSourcein interface- MessageSourceAware
 
-