Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.afterinvocation
Class BasicAclEntryAfterInvocationProvider

java.lang.Object
  extended by org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider
All Implemented Interfaces:
AfterInvocationProvider, InitializingBean, MessageSourceAware
public class BasicAclEntryAfterInvocationProvider
extends Object
implements AfterInvocationProvider, InitializingBean, MessageSourceAware

Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the AclManager.

The AclManager is used to retrieve the access control list (ACL) permissions associated with a domain object instance for the current Authentication object. This class is designed to process AclEntrys that are subclasses of BasicAclEntry only. Generally these are obtained by using the BasicAclProvider.

This after invocation provider will fire if any ConfigAttribute.getAttribute() matches the processConfigAttribute. The provider will then lookup the ACLs from the AclManager and ensure the principal is BasicAclEntry.isPermitted(int) for at least one of the requirePermissions.

Often users will setup a BasicAclEntryAfterInvocationProvider with a processConfigAttribute of AFTER_ACL_READ and a requirePermission of SimpleAclEntry.READ. These are also the defaults.

If the principal does not have sufficient permissions, an AccessDeniedException will be thrown.

The AclManager is allowed to return any implementations of AclEntry it wishes. However, this provider will only be able to validate against BasicAclEntrys, and thus access will be denied if no AclEntry is of type BasicAclEntry.

If the provided returnObject is null, permission will always be granted and null will be returned.

All comparisons and prefixes are case sensitive.

Field Summary
protected static org.apache.commons.logging.Log logger
           
protected  MessageSourceAccessor messages
           
 
Constructor Summary
BasicAclEntryAfterInvocationProvider()
           
 
Method Summary
 void afterPropertiesSet()
           
 Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
           
 AclManager getAclManager()
           
 String getProcessConfigAttribute()
           
 int[] getRequirePermission()
           
 void setAclManager(AclManager aclManager)
           
 void setMessageSource(MessageSource messageSource)
           
 void setProcessConfigAttribute(String processConfigAttribute)
           
 void setRequirePermission(int[] requirePermission)
           
 boolean supports(Class clazz)
          This implementation supports any type of class, because it does not query the presented secure object.
 boolean supports(ConfigAttribute attribute)
          Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static final org.apache.commons.logging.Log logger

messages

protected MessageSourceAccessor messages
Constructor Detail

BasicAclEntryAfterInvocationProvider

public BasicAclEntryAfterInvocationProvider()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

decide

public Object decide(Authentication authentication,
                     Object object,
                     ConfigAttributeDefinition config,
                     Object returnedObject)
              throws AccessDeniedException
Specified by:
decide in interface AfterInvocationProvider
Throws:
AccessDeniedException

getAclManager

public AclManager getAclManager()

getProcessConfigAttribute

public String getProcessConfigAttribute()

getRequirePermission

public int[] getRequirePermission()

setAclManager

public void setAclManager(AclManager aclManager)

setMessageSource

public void setMessageSource(MessageSource messageSource)
Specified by:
setMessageSource in interface MessageSourceAware

setProcessConfigAttribute

public void setProcessConfigAttribute(String processConfigAttribute)

setRequirePermission

public void setRequirePermission(int[] requirePermission)

supports

public boolean supports(ConfigAttribute attribute)
Description copied from interface: AfterInvocationProvider
Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute.

This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AccessDecisionManager.

Specified by:
supports in interface AfterInvocationProvider
Parameters:
attribute - a configuration attribute that has been configured against the AbstractSecurityInterceptor
Returns:
true if this AfterInvocationProvider can support the passed configuration attribute

supports

public boolean supports(Class clazz)
This implementation supports any type of class, because it does not query the presented secure object.

Specified by:
supports in interface AfterInvocationProvider
Parameters:
clazz - the secure object
Returns:
always true
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2005 Acegi Technology Pty Limited. All Rights Reserved.