Class AfterInvocationProviderManager
- java.lang.Object
-
- org.springframework.security.access.intercept.AfterInvocationProviderManager
-
- All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean
,AfterInvocationManager
public class AfterInvocationProviderManager extends java.lang.Object implements AfterInvocationManager, org.springframework.beans.factory.InitializingBean
Provider-based implementation ofAfterInvocationManager
.Handles configuration of a bean context defined list of
AfterInvocationProvider
s.Every
AfterInvocationProvider
will be polled when thedecide(Authentication, Object, Collection, Object)
method is called. TheObject
returned from each provider will be presented to the successive provider for processing. This means each provider must ensure they return theObject
, even if they are not interested in the "after invocation" decision (perhaps as the secure object invocation did not include a configuration attribute a given provider is configured to respond to).
-
-
Field Summary
Fields Modifier and Type Field Description protected static org.apache.commons.logging.Log
logger
-
Constructor Summary
Constructors Constructor Description AfterInvocationProviderManager()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
afterPropertiesSet()
java.lang.Object
decide(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> config, java.lang.Object returnedObject)
Given the details of a secure object invocation including its returnedObject
, make an access control decision or optionally modify the returnedObject
.java.util.List<AfterInvocationProvider>
getProviders()
void
setProviders(java.util.List<?> newList)
boolean
supports(java.lang.Class<?> clazz)
Iterates through allAfterInvocationProvider
s and ensures each can support the presented class.boolean
supports(ConfigAttribute attribute)
Indicates whether thisAfterInvocationManager
is able to process "after invocation" requests presented with the passedConfigAttribute
.
-
-
-
Method Detail
-
afterPropertiesSet
public void afterPropertiesSet()
- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
-
decide
public java.lang.Object decide(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> config, java.lang.Object returnedObject) throws AccessDeniedException
Description copied from interface:AfterInvocationManager
Given the details of a secure object invocation including its returnedObject
, make an access control decision or optionally modify the returnedObject
.- Specified by:
decide
in interfaceAfterInvocationManager
- Parameters:
authentication
- the caller that invoked the methodobject
- the secured object that was calledconfig
- the configuration attributes associated with the secured object that was invokedreturnedObject
- theObject
that was returned from the secure object invocation- Returns:
- the
Object
that will ultimately be returned to the caller (if an implementation does not wish to modify the object to be returned to the caller, the implementation should simply return the same object it was passed by thereturnedObject
method argument) - Throws:
AccessDeniedException
- if access is denied
-
getProviders
public java.util.List<AfterInvocationProvider> getProviders()
-
setProviders
public void setProviders(java.util.List<?> newList)
-
supports
public boolean supports(ConfigAttribute attribute)
Description copied from interface:AfterInvocationManager
Indicates whether thisAfterInvocationManager
is able to process "after invocation" requests presented with the passedConfigAttribute
.This allows the
AbstractSecurityInterceptor
to check every configuration attribute can be consumed by the configuredAccessDecisionManager
and/orRunAsManager
and/orAfterInvocationManager
.- Specified by:
supports
in interfaceAfterInvocationManager
- Parameters:
attribute
- a configuration attribute that has been configured against theAbstractSecurityInterceptor
- Returns:
- true if this
AfterInvocationManager
can support the passed configuration attribute
-
supports
public boolean supports(java.lang.Class<?> clazz)
Iterates through allAfterInvocationProvider
s and ensures each can support the presented class.If one or more providers cannot support the presented class,
false
is returned.- Specified by:
supports
in interfaceAfterInvocationManager
- Parameters:
clazz
- the secure object class being queries- Returns:
- if the
AfterInvocationProviderManager
can support the secure object class, which requires every one of itsAfterInvocationProvider
s to support the secure object class
-
-