All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.acegisecurity.AfterInvocationManager Maven / Gradle / Ivy

There is a newer version: 1.0.7
Show newest version
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity;

/**
 * Reviews the Object returned from a secure object invocation,
 * being able to modify the Object or throw an {@link
 * AccessDeniedException}.
 * 
 * 

* Typically used to ensure the principal is permitted to access the domain * object instance returned by a service layer bean. Can also be used to * mutate the domain object instance so the principal is only able to access * authorised bean properties or Collection elements. Often used * in conjunction with an {@link org.acegisecurity.acl.AclManager} to * obtain the access control list applicable for the domain object instance. *

* *

* Special consideration should be given to using an * AfterInvocationManager on bean methods that modify a database. * Typically an AfterInvocationManager is used with read-only * methods, such as public DomainObject getById(id). If used with * methods that modify a database, a transaction manager should be used to * ensure any AccessDeniedException will cause a rollback of the * changes made by the transaction. *

* * @author Ben Alex * @version $Id: AfterInvocationManager.java 1496 2006-05-23 13:38:33Z benalex $ */ public interface AfterInvocationManager { //~ Methods ======================================================================================================== /** * Given the details of a secure object invocation including its returned Object, make an * access control decision or optionally modify the returned Object. * * @param authentication the caller that invoked the method * @param object the secured object that was called * @param config the configuration attributes associated with the secured object that was invoked * @param returnedObject the Object that was returned from the secure object invocation * * @return the Object that will ultimately be returned to the caller (if an implementation does not * wish to modify the object to be returned to the caller, the implementation should simply return the * same object it was passed by the returnedObject method argument) * * @throws AccessDeniedException if access is denied */ public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object returnedObject) throws AccessDeniedException; /** * Indicates whether this AfterInvocationManager is able to process "after invocation" * requests presented with the passed ConfigAttribute.

This allows the * AbstractSecurityInterceptor to check every configuration attribute can be consumed by the * configured AccessDecisionManager and/or RunAsManager and/or * AfterInvocationManager.

* * @param attribute a configuration attribute that has been configured against the * AbstractSecurityInterceptor * * @return true if this AfterInvocationManager can support the passed configuration attribute */ public boolean supports(ConfigAttribute attribute); /** * Indicates whether the AfterInvocationManager implementation is able to provide access * control decisions for the indicated secured object type. * * @param clazz the class that is being queried * * @return true if the implementation can process the indicated class */ public boolean supports(Class clazz); }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy