Class AclEntryAfterInvocationCollectionFilteringProvider
- java.lang.Object
-
- org.springframework.security.acls.afterinvocation.AbstractAclProvider
-
- org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
-
- All Implemented Interfaces:
AfterInvocationProvider
public class AclEntryAfterInvocationCollectionFilteringProvider extends AbstractAclProvider
Given a
Collection
of domain object instances returned from a secure object invocation, remove anyCollection
elements the principal does not have appropriate permission to access as defined by theAclService
.The
AclService
is used to retrieve the access control list (ACL) permissions associated with eachCollection
domain object instance element for the currentAuthentication
object.This after invocation provider will fire if any
ConfigAttribute.getAttribute()
matches theAbstractAclProvider.processConfigAttribute
. The provider will then lookup the ACLs from theAclService
and ensure the principal isAcl.isGranted()
when presenting theAbstractAclProvider.requirePermission
array to that method.If the principal does not have permission, that element will not be included in the returned
Collection
.Often users will setup a
BasicAclEntryAfterInvocationProvider
with aAbstractAclProvider.processConfigAttribute
ofAFTER_ACL_COLLECTION_READ
and aAbstractAclProvider.requirePermission
ofBasePermission.READ
. These are also the defaults.If the provided
returnObject
isnull
, anull
Collection
will be returned. If the providedreturnObject
is not aCollection
, anAuthorizationServiceException
will be thrown.All comparisons and prefixes are case sensitive.
-
-
Field Summary
Fields Modifier and Type Field Description protected static org.apache.commons.logging.Log
logger
-
Fields inherited from class org.springframework.security.acls.afterinvocation.AbstractAclProvider
aclService, objectIdentityRetrievalStrategy, processConfigAttribute, processDomainObjectClass, requirePermission, sidRetrievalStrategy
-
-
Constructor Summary
Constructors Constructor Description AclEntryAfterInvocationCollectionFilteringProvider(AclService aclService, java.util.List<Permission> requirePermission)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.Object
decide(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> config, java.lang.Object returnedObject)
-
Methods inherited from class org.springframework.security.acls.afterinvocation.AbstractAclProvider
getProcessDomainObjectClass, hasPermission, setObjectIdentityRetrievalStrategy, setProcessConfigAttribute, setProcessDomainObjectClass, setSidRetrievalStrategy, supports, supports
-
-
-
-
Constructor Detail
-
AclEntryAfterInvocationCollectionFilteringProvider
public AclEntryAfterInvocationCollectionFilteringProvider(AclService aclService, java.util.List<Permission> requirePermission)
-
-
Method Detail
-
decide
public java.lang.Object decide(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> config, java.lang.Object returnedObject) throws AccessDeniedException
- Throws:
AccessDeniedException
-
-