Class AclEntryAfterInvocationProvider
- All Implemented Interfaces:
org.springframework.beans.factory.Aware
,org.springframework.context.MessageSourceAware
,AfterInvocationProvider
AclService
.
The AclService
is used to retrieve the access control list (ACL)
permissions associated with a domain object instance for the current
Authentication
object.
This after invocation provider will fire if any ConfigAttribute.getAttribute()
matches the AbstractAclProvider.processConfigAttribute
. The provider will then lookup the ACLs
from the AclService and ensure the principal is
Acl.isGranted(List, List, boolean)
when presenting the AbstractAclProvider.requirePermission
array to that method.
Often users will set up an AclEntryAfterInvocationProvider
with a
AbstractAclProvider.processConfigAttribute
of AFTER_ACL_READ
and a
AbstractAclProvider.requirePermission
of BasePermission.READ
. These are also the
defaults.
If the principal does not have sufficient permissions, an
AccessDeniedException
will be thrown.
If the provided returnedObject is null
, permission will always be
granted and null
will be returned.
All comparisons and prefixes are case sensitive.
-
Field Summary
Modifier and TypeFieldDescriptionprotected static final org.apache.commons.logging.Log
protected org.springframework.context.support.MessageSourceAccessor
Fields inherited from class org.springframework.security.acls.afterinvocation.AbstractAclProvider
aclService, objectIdentityRetrievalStrategy, processConfigAttribute, processDomainObjectClass, requirePermission, sidRetrievalStrategy
-
Constructor Summary
ConstructorDescriptionAclEntryAfterInvocationProvider
(AclService aclService, String processConfigAttribute, List<Permission> requirePermission) AclEntryAfterInvocationProvider
(AclService aclService, List<Permission> requirePermission) -
Method Summary
Modifier and TypeMethodDescriptiondecide
(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject) void
setMessageSource
(org.springframework.context.MessageSource messageSource) Methods inherited from class org.springframework.security.acls.afterinvocation.AbstractAclProvider
getProcessDomainObjectClass, hasPermission, setObjectIdentityRetrievalStrategy, setProcessConfigAttribute, setProcessDomainObjectClass, setSidRetrievalStrategy, supports, supports
-
Field Details
-
logger
protected static final org.apache.commons.logging.Log logger -
messages
protected org.springframework.context.support.MessageSourceAccessor messages
-
-
Constructor Details
-
AclEntryAfterInvocationProvider
-
AclEntryAfterInvocationProvider
public AclEntryAfterInvocationProvider(AclService aclService, String processConfigAttribute, List<Permission> requirePermission)
-
-
Method Details
-
decide
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject) throws AccessDeniedException - Specified by:
decide
in interfaceAfterInvocationProvider
- Throws:
AccessDeniedException
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource) - Specified by:
setMessageSource
in interfaceorg.springframework.context.MessageSourceAware
-