Docjar: A Java Source and Docuemnt Enginecom.*    java.*    javax.*    org.*    all    new    plug-in

Quick Search    Search Deep
Overview  Package   Class  Use  Deprecated  Index 
Home >> All >> org >> acegisecurity >> [ afterinvocation overview ]  PREV CLASS  NEXT CLASS
SUMMARY: JavaDoc of org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider JAVADOC | Sourc code of org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider SOURCE | Download org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider DOWNLOAD | NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.acegisecurity.afterinvocation
Class BasicAclEntryAfterInvocationProvider  view BasicAclEntryAfterInvocationProvider download BasicAclEntryAfterInvocationProvider.java

java.lang.Object
  extended byorg.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider
All Implemented Interfaces:
AfterInvocationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
public class BasicAclEntryAfterInvocationProvider
extends java.lang.Object
implements AfterInvocationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the org.acegisecurity.acl.AclManager.

The AclManager is used to retrieve the access control list (ACL) permissions associated with a domain object instance for the current Authentication object. This class is designed to process org.acegisecurity.acl.AclEntrys that are subclasses of org.acegisecurity.acl.basic.BasicAclEntry only. Generally these are obtained by using the org.acegisecurity.acl.basic.BasicAclProvider.

This after invocation provider will fire if any ConfigAttribute#getAttribute() matches the processConfigAttribute 55 . The provider will then lookup the ACLs from the AclManager and ensure the principal is BasicAclEntry.isPermitted(int)>BasicAclEntry.isPermitted(int) 55 for at least one of the requirePermission 55 s.

Often users will setup a BasicAclEntryAfterInvocationProvider with a processConfigAttribute 55 of AFTER_ACL_READ and a requirePermission 55 of SimpleAclEntry.READ. These are also the defaults.

If the principal does not have sufficient permissions, an AccessDeniedException will be thrown.

The AclManager is allowed to return any implementations of AclEntry it wishes. However, this provider will only be able to validate against BasicAclEntrys, and thus access will be denied if no AclEntry is of type BasicAclEntry.

If the provided returnObject is null, permission will always be granted and null will be returned.

All comparisons and prefixes are case sensitive.

Field Summary
private  org.acegisecurity.acl.AclManager aclManager
           
protected static org.apache.commons.logging.Log logger
           
protected  org.springframework.context.support.MessageSourceAccessor messages
           
private  java.lang.String processConfigAttribute
           
private  int[] requirePermission
           
 
Constructor Summary
BasicAclEntryAfterInvocationProvider()
           
 
Method Summary
 void afterPropertiesSet()
          Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).
 java.lang.Object decide(org.acegisecurity.Authentication authentication, java.lang.Object object, ConfigAttributeDefinition config, java.lang.Object returnedObject)
           
 org.acegisecurity.acl.AclManager getAclManager()
           
 java.lang.String getProcessConfigAttribute()
           
 int[] getRequirePermission()
           
 void setAclManager(org.acegisecurity.acl.AclManager aclManager)
           
 void setMessageSource(org.springframework.context.MessageSource messageSource)
          Set the MessageSource that this object runs in.
 void setProcessConfigAttribute(java.lang.String processConfigAttribute)
           
 void setRequirePermission(int[] requirePermission)
           
 boolean supports(ConfigAttribute attribute)
          Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static final org.apache.commons.logging.Log logger

aclManager

private org.acegisecurity.acl.AclManager aclManager

messages

protected org.springframework.context.support.MessageSourceAccessor messages

processConfigAttribute

private java.lang.String processConfigAttribute

requirePermission

private int[] requirePermission
Constructor Detail

BasicAclEntryAfterInvocationProvider

public BasicAclEntryAfterInvocationProvider()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception
Description copied from interface: org.springframework.beans.factory.InitializingBean
Invoked by a BeanFactory after it has set all bean properties supplied (and satisfied BeanFactoryAware and ApplicationContextAware).

This method allows the bean instance to perform initialization only possible when all bean properties have been set and to throw an exception in the event of misconfiguration.

Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

decide

public java.lang.Object decide(org.acegisecurity.Authentication authentication,
                               java.lang.Object object,
                               ConfigAttributeDefinition config,
                               java.lang.Object returnedObject)
                        throws org.acegisecurity.AccessDeniedException
Specified by:
decide in interface AfterInvocationProvider

getAclManager

public org.acegisecurity.acl.AclManager getAclManager()

getProcessConfigAttribute

public java.lang.String getProcessConfigAttribute()

getRequirePermission

public int[] getRequirePermission()

setAclManager

public void setAclManager(org.acegisecurity.acl.AclManager aclManager)

setMessageSource

public void setMessageSource(org.springframework.context.MessageSource messageSource)
Description copied from interface: org.springframework.context.MessageSourceAware
Set the MessageSource that this object runs in.

Invoked after population of normal bean properties but before an init callback like InitializingBean's afterPropertiesSet or a custom init-method. Invoked before ApplicationContextAware's setApplicationContext.

Specified by:
setMessageSource in interface org.springframework.context.MessageSourceAware

setProcessConfigAttribute

public void setProcessConfigAttribute(java.lang.String processConfigAttribute)

setRequirePermission

public void setRequirePermission(int[] requirePermission)

supports

public boolean supports(ConfigAttribute attribute)
Description copied from interface: AfterInvocationProvider
Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute.

This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AccessDecisionManager.

Specified by:
supports in interface AfterInvocationProvider
Overview  Package   Class  Use  Deprecated  Index 
Home >> All >> org >> acegisecurity >> [ afterinvocation overview ]  PREV CLASS  NEXT CLASS
SUMMARY: JavaDoc of org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider JAVADOC | Sourc code of org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider SOURCE | Download org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider DOWNLOAD | NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD