org.springframework.security.acls.afterinvocation
Class AclEntryAfterInvocationCollectionFilteringProvider
java.lang.Object
org.springframework.security.acls.afterinvocation.AbstractAclProvider
org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
- All Implemented Interfaces:
- org.springframework.security.access.AfterInvocationProvider
public class AclEntryAfterInvocationCollectionFilteringProvider
- extends AbstractAclProvider
Given a Collection of domain object instances returned from a secure object invocation, remove
any Collection elements the principal does not have appropriate permission to access as defined by the
AclService.
The AclService is used to retrieve the access control list (ACL) permissions associated with
each Collection domain object instance element for the current Authentication object.
This after invocation provider will fire if any ConfigAttribute.getAttribute() matches the AbstractAclProvider.processConfigAttribute. The provider will then lookup the ACLs from the AclService and ensure the
principal is Acl.isGranted()
when presenting the AbstractAclProvider.requirePermission array to that method.
If the principal does not have permission, that element will not be included in the returned
Collection.
Often users will setup a BasicAclEntryAfterInvocationProvider with a AbstractAclProvider.processConfigAttribute of AFTER_ACL_COLLECTION_READ and a AbstractAclProvider.requirePermission of
BasePermission.READ. These are also the defaults.
If the provided returnObject is null, a nullCollection
will be returned. If the provided returnObject is not a Collection, an AuthorizationServiceException will be thrown.
All comparisons and prefixes are case sensitive.
- Author:
- Ben Alex, Paulo Neves
|
Field Summary |
protected static org.apache.commons.logging.Log |
logger
|
|
Method Summary |
Object |
decide(org.springframework.security.core.Authentication authentication,
Object object,
Collection<org.springframework.security.access.ConfigAttribute> config,
Object returnedObject)
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
logger
protected static final org.apache.commons.logging.Log logger
AclEntryAfterInvocationCollectionFilteringProvider
public AclEntryAfterInvocationCollectionFilteringProvider(AclService aclService,
List<Permission> requirePermission)
decide
public Object decide(org.springframework.security.core.Authentication authentication,
Object object,
Collection<org.springframework.security.access.ConfigAttribute> config,
Object returnedObject)
throws org.springframework.security.access.AccessDeniedException
- Throws:
org.springframework.security.access.AccessDeniedException