java.lang.Object | ||
↳ | org.springframework.security.acls.afterinvocation.AbstractAclProvider | |
↳ | org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider |
Given a Collection
of domain object instances returned from a secure object invocation, remove
any Collection
elements the principal does not have appropriate permission to access as defined by the
AclService
.
The AclService
is used to retrieve the access control list (ACL) permissions associated with
each Collection
domain object instance element for the current Authentication
object.
This after invocation provider will fire if any getAttribute()
matches the processConfigAttribute
. The provider will then lookup the ACLs from the AclService
and ensure the
principal is Acl.isGranted()
when presenting the requirePermission
array to that method.
If the principal does not have permission, that element will not be included in the returned
Collection
.
Often users will setup a BasicAclEntryAfterInvocationProvider
with a processConfigAttribute
of AFTER_ACL_COLLECTION_READ
and a requirePermission
of
BasePermission.READ
. These are also the defaults.
If the provided returnObject
is null
, a null
Collection
will be returned. If the provided returnObject
is not a Collection
, an AuthorizationServiceException
will be thrown.
All comparisons and prefixes are case sensitive.
Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
logger |
[Expand]
Inherited Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.acls.afterinvocation.AbstractAclProvider
|
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.acls.afterinvocation.AbstractAclProvider
| |||||||||||
From class
java.lang.Object
| |||||||||||
From interface
org.springframework.security.access.AfterInvocationProvider
|
AccessDeniedException |
---|