java.lang.Object | ||
↳ | org.springframework.security.acls.afterinvocation.AbstractAclProvider | |
↳ | org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider |
Given a domain object instance returned from a secure object invocation, ensures the principal has
appropriate permission as defined by the AclService
.
The AclService
is used to retrieve the access control list (ACL) permissions associated with a
domain object instance for the current Authentication
object.
This after invocation provider will fire if any getAttribute()
matches the processConfigAttribute
. The provider will then lookup the ACLs from the AclService and ensure the
principal is Acl.isGranted(List, List, boolean)
when presenting the requirePermission
array to that method.
Often users will set up an AclEntryAfterInvocationProvider
with a processConfigAttribute
of AFTER_ACL_READ
and a requirePermission
of
BasePermission.READ
. These are also the defaults.
If the principal does not have sufficient permissions, an AccessDeniedException
will be thrown.
If the provided returnedObject is null
, permission will always be granted and
null
will be returned.
All comparisons and prefixes are case sensitive.
Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
logger | |||||||||||
messages |
[Expand]
Inherited Fields | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.acls.afterinvocation.AbstractAclProvider
|
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.acls.afterinvocation.AbstractAclProvider
| |||||||||||
From class
java.lang.Object
| |||||||||||
From interface
org.springframework.context.MessageSourceAware
| |||||||||||
From interface
org.springframework.security.access.AfterInvocationProvider
|
AccessDeniedException |
---|