public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements MessageSourceAware
AclService
.
The AclService
is used to retrieve the access control list (ACL) permissions associated with a
domain object instance for the current Authentication
object.
This after invocation provider will fire if any ConfigAttribute.getAttribute()
matches the AbstractAclProvider.processConfigAttribute
. The provider will then lookup the ACLs from the AclService and ensure the
principal is Acl.isGranted(List, List, boolean)
when presenting the AbstractAclProvider.requirePermission
array to that method.
Often users will set up an AclEntryAfterInvocationProvider
with a AbstractAclProvider.processConfigAttribute
of AFTER_ACL_READ
and a AbstractAclProvider.requirePermission
of
BasePermission.READ
. These are also the defaults.
If the principal does not have sufficient permissions, an AccessDeniedException
will be thrown.
If the provided returnedObject is null
, permission will always be granted and
null
will be returned.
All comparisons and prefixes are case sensitive.
Modifier and Type | Field and Description |
---|---|
protected static org.apache.commons.logging.Log |
logger |
protected MessageSourceAccessor |
messages |
aclService, objectIdentityRetrievalStrategy, processConfigAttribute, processDomainObjectClass, requirePermission, sidRetrievalStrategy
Constructor and Description |
---|
AclEntryAfterInvocationProvider(AclService aclService,
List<Permission> requirePermission) |
AclEntryAfterInvocationProvider(AclService aclService,
String processConfigAttribute,
List<Permission> requirePermission) |
Modifier and Type | Method and Description |
---|---|
Object |
decide(Authentication authentication,
Object object,
Collection<ConfigAttribute> config,
Object returnedObject) |
void |
setMessageSource(MessageSource messageSource) |
getProcessDomainObjectClass, hasPermission, setObjectIdentityRetrievalStrategy, setProcessConfigAttribute, setProcessDomainObjectClass, setSidRetrievalStrategy, supports, supports
protected static final org.apache.commons.logging.Log logger
protected MessageSourceAccessor messages
public AclEntryAfterInvocationProvider(AclService aclService, List<Permission> requirePermission)
public AclEntryAfterInvocationProvider(AclService aclService, String processConfigAttribute, List<Permission> requirePermission)
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject) throws AccessDeniedException
decide
in interface AfterInvocationProvider
AccessDeniedException
public void setMessageSource(MessageSource messageSource)
setMessageSource
in interface MessageSourceAware