Made BasicAclProvider to only respond to specified ACL object requests.

21 years ago · f1d993f47b
3 changed files with 56 additions and 3 deletions
--- a/changelog.txt
+++ b/changelog.txt
@ -8,6 +8,7 @@ Changes in version 0.7 (2004-xx-xx)
				@@ -8,6 +8,7 @@ Changes in version 0.7 (2004-xx-xx)
 * Added AuthenticationProcessingFilter.setDetails for use by subclasses
 * Added 403-causing exception to HttpSession via SecurityEnforcementFilter
 * Added net.sf.acegisecurity.intercept.event package
+* Improved BasicAclProvider to only respond to specified ACL object requests
 * Refactored MethodDefinitionSource to work with Method, not MethodInvocation
 * Refactored AbstractSecurityInterceptor to better support other AOP libraries
 * Fixed AbstractProcessingFitler to use removeAttribute (JRun compatibility)
--- a/core/src/main/java/org/acegisecurity/acl/basic/BasicAclProvider.java
+++ b/core/src/main/java/org/acegisecurity/acl/basic/BasicAclProvider.java
@ -93,6 +93,7 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
				@@ -93,6 +93,7 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
    private BasicAclDao basicAclDao;
    private BasicAclEntryCache basicAclEntryCache = new NullAclEntryCache();
    private Class defaultAclObjectIdentityClass = NamedEntityObjectIdentity.class;
+    private Class restrictSupportToClass = null;
    private EffectiveAclsResolver effectiveAclsResolver = new GrantedAuthorityEffectiveAclsResolver();

    //~ Methods ================================================================
@ -230,6 +231,28 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
				@@ -230,6 +231,28 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
        return effectiveAclsResolver;
    }

+    /**
+     * If set to a value other than <code>null</code>, the {@link
+     * #supports(Object)} method will <b>only</b> support the indicates class.
+     * This is useful if you wish to wire multiple
+     * <code>BasicAclProvider</code>s in a list of
+     * <code>AclProviderManager.providers</code> but only have particular
+     * instances respond to particular domain object types.
+     *
+     * @param restrictSupportToClass the class to restrict this
+     *        <code>BasicAclProvider</code> to service request for, or
+     *        <code>null</code> (the default) if the
+     *        <code>BasicAclProvider</code> should respond to every class
+     *        presented
+     */
+    public void setRestrictSupportToClass(Class restrictSupportToClass) {
+        this.restrictSupportToClass = restrictSupportToClass;
+    }
+
+    public Class getRestrictSupportToClass() {
+        return restrictSupportToClass;
+    }
+
    public void afterPropertiesSet() {
        if (basicAclDao == null) {
            throw new IllegalArgumentException("basicAclDao required");
@ -260,9 +283,14 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
				@@ -260,9 +283,14 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
    }

    /**
-     * Indicates support for the passed object if it an
-     * <code>AclObjectIdentity</code> is returned by {@link
-     * #obtainIdentity(Object)}.
+     * Indicates support for the passed object.
+     * 
+     * <p>
+     * An object will only be supported if it (i) is allowed to be supported as
+     * defined by the {@link #setRestrictSupportToClass(Class)} method,
+     * <b>and</b> (ii) if an <code>AclObjectIdentity</code> is returned by
+     * {@link #obtainIdentity(Object)} for that object.
+     * </p>
     *
     * @param domainInstance the instance to check
     *
@ -270,6 +298,16 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
				@@ -270,6 +298,16 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
     *         <code>false</code> otherwise
     */
    public boolean supports(Object domainInstance) {
+        if (domainInstance == null) {
+            return false;
+        }
+
+        if ((restrictSupportToClass != null)
+            && !restrictSupportToClass.isAssignableFrom(
+                domainInstance.getClass())) {
+            return false;
+        }
+
        if (obtainIdentity(domainInstance) == null) {
            return false;
        } else {
--- a/core/src/test/java/org/acegisecurity/acl/basic/BasicAclProviderTests.java
+++ b/core/src/test/java/org/acegisecurity/acl/basic/BasicAclProviderTests.java
@ -184,6 +184,10 @@ public class BasicAclProviderTests extends TestCase {
				@@ -184,6 +184,10 @@ public class BasicAclProviderTests extends TestCase {

        provider.setBasicAclDao(new MockDao());
        assertNotNull(provider.getBasicAclDao());
+
+        assertNull(provider.getRestrictSupportToClass());
+        provider.setRestrictSupportToClass(SomeDomain.class);
+        assertEquals(SomeDomain.class, provider.getRestrictSupportToClass());
    }

    public void testStartupFailsIfNullAclDao() throws Exception {
@ -276,6 +280,16 @@ public class BasicAclProviderTests extends TestCase {
				@@ -276,6 +280,16 @@ public class BasicAclProviderTests extends TestCase {

        // this one SHOULD be supported, as it implements AclObjectIdentityAware
        assertTrue(provider.supports(new MockDomain(4)));
+
+        // now restrict the provider to only respond to SomeDomain.class requests
+        provider.setRestrictSupportToClass(SomeDomain.class);
+        assertEquals(SomeDomain.class, provider.getRestrictSupportToClass());
+
+        // this one SHOULD be supported, as it has a getId() method AND it meets the restrictSupportToClass criteria
+        assertTrue(provider.supports(new SomeDomain()));
+
+        // this one should NOT be suported, as whilst it implement AclObjectIdentityAware (as proven earlier in the test), it does NOT meet the restrictSupportToClass criteria
+        assertFalse(provider.supports(new MockDomain(4)));
    }

    private JdbcDaoImpl makePopulatedJdbcDao() throws Exception {