Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Spring Security Framework
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.afterinvocation
Class BasicAclEntryAfterInvocationCollectionFilteringProvider

java.lang.Object
  extended by org.springframework.security.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider
All Implemented Interfaces:
InitializingBean, AfterInvocationProvider
Deprecated. Use new spring-security-acl module instead 

public class BasicAclEntryAfterInvocationCollectionFilteringProvider
extends Object
implements AfterInvocationProvider, InitializingBean

Given a Collection of domain object instances returned from a secure object invocation, remove any Collection elements the principal does not have appropriate permission to access as defined by the AclManager.

The AclManager is used to retrieve the access control list (ACL) permissions associated with each Collection domain object instance element for the current Authentication object. This class is designed to process AclEntrys that are subclasses of BasicAclEntry only. Generally these are obtained by using the BasicAclProvider.

This after invocation provider will fire if any ConfigAttribute.getAttribute() matches the processConfigAttribute. The provider will then lookup the ACLs from the AclManager and ensure the principal is BasicAclEntry.isPermitted(int) for at least one of the requirePermissions for each Collection element. If the principal does not have at least one of the permissions, that element will not be included in the returned Collection.

Often users will setup a BasicAclEntryAfterInvocationProvider with a processConfigAttribute of AFTER_ACL_COLLECTION_READ and a requirePermission of SimpleAclEntry.READ. These are also the defaults.

The AclManager is allowed to return any implementations of AclEntry it wishes. However, this provider will only be able to validate against BasicAclEntrys, and thus a Collection element will be filtered from the resulting Collection if no AclEntry is of type BasicAclEntry.

If the provided returnObject is null, a nullCollection will be returned. If the provided returnObject is not a Collection, an AuthorizationServiceException will be thrown.

All comparisons and prefixes are case sensitive.

Version:
$Id$
Author:
Ben Alex, Paulo Neves

Field Summary
protected static org.apache.commons.logging.Log logger
          Deprecated.  
 
Constructor Summary
BasicAclEntryAfterInvocationCollectionFilteringProvider()
          Deprecated.  
 
Method Summary
 void afterPropertiesSet()
          Deprecated.  
 Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject)
          Deprecated.  
 AclManager getAclManager()
          Deprecated.  
 String getProcessConfigAttribute()
          Deprecated.  
 int[] getRequirePermission()
          Deprecated.  
 void setAclManager(AclManager aclManager)
          Deprecated.  
 void setProcessConfigAttribute(String processConfigAttribute)
          Deprecated.  
 void setProcessDomainObjectClass(Class processDomainObjectClass)
          Deprecated.  
 void setRequirePermission(int[] requirePermission)
          Deprecated.  
 void setRequirePermissionFromString(String[] requiredPermissions)
          Deprecated. Allow setting permissions with String literals instead of integers as setRequirePermission(int[])
 boolean supports(Class clazz)
          Deprecated. This implementation supports any type of class, because it does not query the presented secure object.
 boolean supports(ConfigAttribute attribute)
          Deprecated. Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static final org.apache.commons.logging.Log logger
Deprecated. 
Constructor Detail

BasicAclEntryAfterInvocationCollectionFilteringProvider

public BasicAclEntryAfterInvocationCollectionFilteringProvider()
Deprecated. 
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Deprecated. 
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

decide

public Object decide(Authentication authentication,
                     Object object,
                     ConfigAttributeDefinition config,
                     Object returnedObject)
              throws AccessDeniedException
Deprecated. 
Specified by:
decide in interface AfterInvocationProvider
Throws:
AccessDeniedException

getAclManager

public AclManager getAclManager()
Deprecated. 

getProcessConfigAttribute

public String getProcessConfigAttribute()
Deprecated. 

getRequirePermission

public int[] getRequirePermission()
Deprecated. 

setAclManager

public void setAclManager(AclManager aclManager)
Deprecated. 

setProcessConfigAttribute

public void setProcessConfigAttribute(String processConfigAttribute)
Deprecated. 

setProcessDomainObjectClass

public void setProcessDomainObjectClass(Class processDomainObjectClass)
Deprecated. 

setRequirePermission

public void setRequirePermission(int[] requirePermission)
Deprecated. 

setRequirePermissionFromString

public void setRequirePermissionFromString(String[] requiredPermissions)
Deprecated. 
Allow setting permissions with String literals instead of integers as setRequirePermission(int[])

Parameters:
requiredPermissions - permission literals
See Also:
for valid values

supports

public boolean supports(ConfigAttribute attribute)
Deprecated. 
Description copied from interface: AfterInvocationProvider
Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute.

This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AccessDecisionManager.

Specified by:
supports in interface AfterInvocationProvider
Parameters:
attribute - a configuration attribute that has been configured against the AbstractSecurityInterceptor
Returns:
true if this AfterInvocationProvider can support the passed configuration attribute

supports

public boolean supports(Class clazz)
Deprecated. 
This implementation supports any type of class, because it does not query the presented secure object.

Specified by:
supports in interface AfterInvocationProvider
Parameters:
clazz - the secure object
Returns:
always true
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Spring Security Framework
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.