Class AclEntryAfterInvocationProvider

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware, AfterInvocationProvider

    public class AclEntryAfterInvocationProvider
    extends AbstractAclProvider
    implements org.springframework.context.MessageSourceAware
    Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the AclService.

    The AclService is used to retrieve the access control list (ACL) permissions associated with a domain object instance for the current Authentication object.

    This after invocation provider will fire if any ConfigAttribute.getAttribute() matches the AbstractAclProvider.processConfigAttribute. The provider will then lookup the ACLs from the AclService and ensure the principal is Acl.isGranted(List, List, boolean) when presenting the AbstractAclProvider.requirePermission array to that method.

    Often users will set up an AclEntryAfterInvocationProvider with a AbstractAclProvider.processConfigAttribute of AFTER_ACL_READ and a AbstractAclProvider.requirePermission of BasePermission.READ. These are also the defaults.

    If the principal does not have sufficient permissions, an AccessDeniedException will be thrown.

    If the provided returnedObject is null, permission will always be granted and null will be returned.

    All comparisons and prefixes are case sensitive.

    • Field Detail

      • logger

        protected static final org.apache.commons.logging.Log logger
      • messages

        protected messages
    • Constructor Detail

      • AclEntryAfterInvocationProvider

        public AclEntryAfterInvocationProvider​(AclService aclService,
                                               java.util.List<Permission> requirePermission)
      • AclEntryAfterInvocationProvider

        public AclEntryAfterInvocationProvider​(AclService aclService,
                                               java.lang.String processConfigAttribute,
                                               java.util.List<Permission> requirePermission)
    • Method Detail

      • setMessageSource

        public void setMessageSource​(org.springframework.context.MessageSource messageSource)
        Specified by:
        setMessageSource in interface org.springframework.context.MessageSourceAware