From 5d9ed78b50c5e2c964bb697f4fad98451b09bdff Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Wed, 26 Apr 2006 03:30:27 +0000
Subject: [PATCH] SEC-147: Add processDomainObjectClass property to AfterInvocationProviders.
---
 ...erInvocationCollectionFilteringProvider.java | 9 +++++++++
 .../BasicAclEntryAfterInvocationProvider.java | 17 ++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java b/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java
index fa833b0dcf..5c2aabef53 100644
--- a/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java
+++ b/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java
@@ -113,9 +113,16 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider
 private AclManager aclManager;
 private String processConfigAttribute = "AFTER_ACL_COLLECTION_READ";
 private int[] requirePermission = {SimpleAclEntry.READ};
+ private Class processDomainObjectClass = Object.class;
 //~ Methods ================================================================
+ public void setProcessDomainObjectClass(Class processDomainObjectClass) {
+ Assert.notNull(processDomainObjectClass,
+ "processDomainObjectClass cannot be set to null");
+ this.processDomainObjectClass = processDomainObjectClass;
+ }
+
 public void setAclManager(AclManager aclManager) {
 this.aclManager = aclManager;
 }
@@ -195,6 +202,8 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider
 if (domainObject == null) {
 hasPermission = true;
+ } else if (!processDomainObjectClass.isAssignableFrom(domainObject.getClass())) {
+ hasPermission = true;
 } else {
 acls = aclManager.getAcls(domainObject, authentication);
 }
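Review bot: The `setProcessDomainObjectClass` setter added in the `@@ -113,9 +113,16 @@` hunk has no Javadoc, although it decides which objects get an ACL lookup at all. The second hunk shows that an object not assignable to the configured class is treated as permitted without consulting `aclManager`, and the setter is where an integrator will look for that. I would document it with something like `/** Limits ACL checks to instances of this class; other objects are treated as permitted without an ACL lookup. Defaults to Object.class, so every non-null object is checked. */`. The identical setter added to BasicAclEntryAfterInvocationProvider.java needs the same comment.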
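Review bot: In the `@@ -195,6 +202,8 @@` hunk the new `else if` branch sets `hasPermission = true` silently for every element that is not an instance of `processDomainObjectClass`, without calling `aclManager.getAcls`. This is a fail-open path, so a mistyped class in the configuration would mark every element as permitted and leave no trace. I would add a why-comment such as `// not a processDomainObjectClass instance: out of scope for this provider, no ACL lookup`, plus a debug log line like the one the sibling provider emits for the same case, if this class has a logger. `processDomainObjectClass.isInstance(domainObject)` would also read more directly than `isAssignableFrom(domainObject.getClass())`. The enclosing method starts and ends outside the hunk, so what is done with `hasPermission` afterwards is not visible here.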
diff --git a/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java b/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java
index df01714b33..eddba12c33 100644
--- a/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java
+++ b/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java
@@ -100,10 +100,17 @@ public class BasicAclEntryAfterInvocationProvider
 protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor();
 private String processConfigAttribute = "AFTER_ACL_READ";
 private int[] requirePermission = {SimpleAclEntry.READ};
+ private Class processDomainObjectClass = Object.class;
 //~ Methods ================================================================
- public void afterPropertiesSet() throws Exception {
+ public void setProcessDomainObjectClass(Class processDomainObjectClass) {
+ Assert.notNull(processDomainObjectClass,
+ "processDomainObjectClass cannot be set to null");
+ this.processDomainObjectClass = processDomainObjectClass;
+ }
+
+ public void afterPropertiesSet() throws Exception {
 Assert.notNull(processConfigAttribute, "A processConfigAttribute is mandatory");
 Assert.notNull(aclManager, "An aclManager is mandatory");
@@ -134,6 +141,14 @@ public class BasicAclEntryAfterInvocationProvider
 return null;
 }
+
+ if (!processDomainObjectClass.isAssignableFrom(returnedObject.getClass())) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Return object is not applicable for this provider, skipping");
+ }
+
+ return null;
+ }
 AclEntry[] acls = aclManager.getAcls(returnedObject, authentication);
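Review bot: The guard added in the `@@ -134,6 +141,14 @@` hunk ends with `return null;` even though `returnedObject` is non-null there and merely outside this provider's scope. The enclosing method starts outside the hunk, but if its return value is what the caller receives in place of the returned object, the caller gets null instead of the original object. Passing the object through with `return returnedObject;` looks like the intended behaviour. Either way this branch skips the ACL lookup, so a short comment saying that non-matching types are deliberately left unchecked would help anyone configuring `processDomainObjectClass`.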