Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.afterinvocation
Class AclEntryAfterInvocationCollectionFilteringProvider

java.lang.Object
  extended by org.acegisecurity.afterinvocation.AbstractAclProvider
      extended by org.acegisecurity.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
All Implemented Interfaces:
AfterInvocationProvider
public class AclEntryAfterInvocationCollectionFilteringProvider
extends AbstractAclProvider

Given a Collection of domain object instances returned from a secure object invocation, remove any Collection elements the principal does not have appropriate permission to access as defined by the AclService.

The AclService is used to retrieve the access control list (ACL) permissions associated with each Collection domain object instance element for the current Authentication object.

This after invocation provider will fire if any ConfigAttribute.getAttribute() matches the AbstractAclProvider.processConfigAttribute. The provider will then lookup the ACLs from the AclService and ensure the principal is Acl.isGranted(org.acegisecurity.acls.Permission[], org.acegisecurity.acls.sid.Sid[], boolean) when presenting the AbstractAclProvider.requirePermission array to that method.

If the principal does not have permission, that element will not be included in the returned Collection.

Often users will setup a BasicAclEntryAfterInvocationProvider with a AbstractAclProvider.processConfigAttribute of AFTER_ACL_COLLECTION_READ and a AbstractAclProvider.requirePermission of BasePermission.READ. These are also the defaults.

If the provided returnObject is null, a nullCollection will be returned. If the provided returnObject is not a Collection, an AuthorizationServiceException will be thrown.

All comparisons and prefixes are case sensitive.

Version:
$Id: AclEntryAfterInvocationCollectionFilteringProvider.java 1754 2006-11-17 02:01:21Z benalex $
Author:
Ben Alex, Paulo Neves

Field Summary
protected static Log logger
           
 
Constructor Summary
AclEntryAfterInvocationCollectionFilteringProvider(AclService aclService, Permission[] requirePermission)
           
 
Method Summary
 Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
           
 
Methods inherited from class org.acegisecurity.afterinvocation.AbstractAclProvider
getProcessDomainObjectClass, hasPermission, setObjectIdentityRetrievalStrategy, setProcessConfigAttribute, setProcessDomainObjectClass, setSidRetrievalStrategy, supports, supports
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static final Log logger
Constructor Detail

AclEntryAfterInvocationCollectionFilteringProvider

public AclEntryAfterInvocationCollectionFilteringProvider(AclService aclService,
                                                          Permission[] requirePermission)
Method Detail

decide

public Object decide(Authentication authentication,
                     Object object,
                     ConfigAttributeDefinition config,
                     Object returnedObject)
              throws AccessDeniedException
Throws:
AccessDeniedException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2006 Acegi Technology Pty Limited. All Rights Reserved.