public class AclEntryVoter extends AbstractAclVoter
Given a domain object instance passed as a method argument, ensures the principal has
appropriate permission as indicated by the AclService
.
The AclService is used to retrieve the access control list (ACL) permissions associated with a domain object instance for the current Authentication object.
The voter will vote if any ConfigAttribute.getAttribute()
matches the
processConfigAttribute
. The provider will then locate the first method
argument of type AbstractAclVoter.processDomainObjectClass
. Assuming that method argument is
non-null, the provider will then lookup the ACLs from the AclManager
and
ensure the principal is Acl.isGranted(List, List, boolean)
when presenting the
requirePermission
array to that method.
If the method argument is null, the voter will abstain from voting. If the
method argument could not be found, an AuthorizationServiceException
will be
thrown.
In practical terms users will typically setup a number of AclEntryVoters. Each
will have a different processDomainObjectClass
,
processConfigAttribute
and requirePermission
combination. For
example, a small application might employ the following instances of
AclEntryVoter:
BankAccount
, configuration attribute
VOTE_ACL_BANK_ACCONT_READ
, require permission
BasePermission.READ
BankAccount
, configuration attribute
VOTE_ACL_BANK_ACCOUNT_WRITE
, require permission list
BasePermission.WRITE
and BasePermission.CREATE
(allowing the
principal to have either of these two permissions)Customer
, configuration attribute
VOTE_ACL_CUSTOMER_READ
, require permission
BasePermission.READ
Customer
, configuration attribute
VOTE_ACL_CUSTOMER_WRITE
, require permission list
BasePermission.WRITE
and BasePermission.CREATE
AbstractAclVoter.processDomainObjectClass
if both BankAccount
and
Customer
had common parents.
If the principal does not have sufficient permissions, the voter will vote to deny access.
All comparisons and prefixes are case sensitive.
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED
Constructor and Description |
---|
AclEntryVoter(AclService aclService,
String processConfigAttribute,
Permission[] requirePermission) |
Modifier and Type | Method and Description |
---|---|
protected String |
getInternalMethod()
Optionally specifies a method of the domain object that will be used to obtain a
contained domain object.
|
protected String |
getProcessConfigAttribute() |
void |
setInternalMethod(String internalMethod) |
void |
setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy) |
void |
setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy) |
boolean |
supports(ConfigAttribute attribute)
Indicates whether this
AccessDecisionVoter is able to vote on the passed
ConfigAttribute . |
int |
vote(Authentication authentication,
org.aopalliance.intercept.MethodInvocation object,
Collection<ConfigAttribute> attributes)
Indicates whether or not access is granted.
|
getDomainObjectInstance, getProcessDomainObjectClass, setProcessDomainObjectClass, supports
public AclEntryVoter(AclService aclService, String processConfigAttribute, Permission[] requirePermission)
protected String getInternalMethod()
null
to use the domain object, or the name of a method (that
requires no arguments) that should be invoked to obtain an Object
which will be the domain object used for ACL evaluationpublic void setInternalMethod(String internalMethod)
protected String getProcessConfigAttribute()
public void setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy objectIdentityRetrievalStrategy)
public void setSidRetrievalStrategy(SidRetrievalStrategy sidRetrievalStrategy)
public boolean supports(ConfigAttribute attribute)
AccessDecisionVoter
AccessDecisionVoter
is able to vote on the passed
ConfigAttribute
.
This allows the AbstractSecurityInterceptor
to check every configuration
attribute can be consumed by the configured AccessDecisionManager
and/or
RunAsManager
and/or AfterInvocationManager
.
attribute
- a configuration attribute that has been configured against the
AbstractSecurityInterceptor
AccessDecisionVoter
can support the passed
configuration attributepublic int vote(Authentication authentication, org.aopalliance.intercept.MethodInvocation object, Collection<ConfigAttribute> attributes)
AccessDecisionVoter
The decision must be affirmative (ACCESS_GRANTED
), negative (
ACCESS_DENIED
) or the AccessDecisionVoter
can abstain (
ACCESS_ABSTAIN
) from voting. Under no circumstances should implementing
classes return any other value. If a weighting of results is desired, this should
be handled in a custom
AccessDecisionManager
instead.
Unless an AccessDecisionVoter
is specifically intended to vote on an access
control decision due to a passed method invocation or configuration attribute
parameter, it must return ACCESS_ABSTAIN
. This prevents the coordinating
AccessDecisionManager
from counting votes from those
AccessDecisionVoter
s without a legitimate interest in the access control
decision.
Whilst the secured object (such as a MethodInvocation
) is passed as a
parameter to maximise flexibility in making access control decisions, implementing
classes should not modify it or cause the represented invocation to take place (for
example, by calling MethodInvocation.proceed()
).
authentication
- the caller making the invocationobject
- the secured object being invokedattributes
- the configuration attributes associated with the secured objectAccessDecisionVoter.ACCESS_GRANTED
, AccessDecisionVoter.ACCESS_ABSTAIN
or
AccessDecisionVoter.ACCESS_DENIED