Class AclEntryAfterInvocationProvider
- java.lang.Object
-
- org.springframework.security.acls.afterinvocation.AbstractAclProvider
-
- org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
-
- All Implemented Interfaces:
org.springframework.beans.factory.Aware,org.springframework.context.MessageSourceAware,AfterInvocationProvider
public class AclEntryAfterInvocationProvider extends AbstractAclProvider implements org.springframework.context.MessageSourceAware
Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by theAclService.The
AclServiceis used to retrieve the access control list (ACL) permissions associated with a domain object instance for the currentAuthenticationobject.This after invocation provider will fire if any
ConfigAttribute.getAttribute()matches theAbstractAclProvider.processConfigAttribute. The provider will then lookup the ACLs from the AclService and ensure the principal isAcl.isGranted(List, List, boolean)when presenting theAbstractAclProvider.requirePermissionarray to that method.Often users will set up an
AclEntryAfterInvocationProviderwith aAbstractAclProvider.processConfigAttributeofAFTER_ACL_READand aAbstractAclProvider.requirePermissionofBasePermission.READ. These are also the defaults.If the principal does not have sufficient permissions, an
AccessDeniedExceptionwill be thrown.If the provided returnedObject is
null, permission will always be granted andnullwill be returned.All comparisons and prefixes are case sensitive.
-
-
Field Summary
Fields Modifier and Type Field Description protected static org.apache.commons.logging.Logloggerprotected org.springframework.context.support.MessageSourceAccessormessages-
Fields inherited from class org.springframework.security.acls.afterinvocation.AbstractAclProvider
aclService, objectIdentityRetrievalStrategy, processConfigAttribute, processDomainObjectClass, requirePermission, sidRetrievalStrategy
-
-
Constructor Summary
Constructors Constructor Description AclEntryAfterInvocationProvider(AclService aclService, java.lang.String processConfigAttribute, java.util.List<Permission> requirePermission)AclEntryAfterInvocationProvider(AclService aclService, java.util.List<Permission> requirePermission)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.Objectdecide(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> config, java.lang.Object returnedObject)voidsetMessageSource(org.springframework.context.MessageSource messageSource)-
Methods inherited from class org.springframework.security.acls.afterinvocation.AbstractAclProvider
getProcessDomainObjectClass, hasPermission, setObjectIdentityRetrievalStrategy, setProcessConfigAttribute, setProcessDomainObjectClass, setSidRetrievalStrategy, supports, supports
-
-
-
-
Constructor Detail
-
AclEntryAfterInvocationProvider
public AclEntryAfterInvocationProvider(AclService aclService, java.util.List<Permission> requirePermission)
-
AclEntryAfterInvocationProvider
public AclEntryAfterInvocationProvider(AclService aclService, java.lang.String processConfigAttribute, java.util.List<Permission> requirePermission)
-
-
Method Detail
-
decide
public java.lang.Object decide(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> config, java.lang.Object returnedObject) throws AccessDeniedException
- Specified by:
decidein interfaceAfterInvocationProvider- Throws:
AccessDeniedException
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource)
- Specified by:
setMessageSourcein interfaceorg.springframework.context.MessageSourceAware
-
-