mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-24 21:12:18 +00:00
Improve logging and enable ACL determination to use an Object obtained from an internal method of the located processDomainObjectClass.
This commit is contained in:
Ben Alex
parent
61580d1973
commit
f251436a99
@ -25,8 +25,14 @@ import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry;
|
|||||||
|
|
||||||
import org.aopalliance.intercept.MethodInvocation;
|
import org.aopalliance.intercept.MethodInvocation;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
|
|
||||||
|
import java.lang.reflect.InvocationTargetException;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
|
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
|
|
||||||
|
|
||||||
@ -120,10 +126,15 @@ import java.util.Iterator;
|
|||||||
*/
|
*/
|
||||||
public class BasicAclEntryVoter implements AccessDecisionVoter,
|
public class BasicAclEntryVoter implements AccessDecisionVoter,
|
||||||
InitializingBean {
|
InitializingBean {
|
||||||
|
//~ Static fields/initializers =============================================
|
||||||
|
|
||||||
|
private static final Log logger = LogFactory.getLog(BasicAclEntryVoter.class);
|
||||||
|
|
||||||
//~ Instance fields ========================================================
|
//~ Instance fields ========================================================
|
||||||
|
|
||||||
private AclManager aclManager;
|
private AclManager aclManager;
|
||||||
private Class processDomainObjectClass;
|
private Class processDomainObjectClass;
|
||||||
|
private String internalMethod;
|
||||||
private String processConfigAttribute;
|
private String processConfigAttribute;
|
||||||
private int[] requirePermission;
|
private int[] requirePermission;
|
||||||
|
|
||||||
@ -137,6 +148,27 @@ public class BasicAclEntryVoter implements AccessDecisionVoter,
|
|||||||
return aclManager;
|
return aclManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setInternalMethod(String internalMethod) {
|
||||||
|
this.internalMethod = internalMethod;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Optionally specifies a method of the domain object that will be used to
|
||||||
|
* obtain a contained domain object. That contained domain object will be
|
||||||
|
* used for the ACL evaluation. This is useful if a domain object contains
|
||||||
|
* a parent that an ACL evaluation should be targeted for, instead of the
|
||||||
|
* child domain object (which perhaps is being created and as such does
|
||||||
|
* not yet have any ACL permissions)
|
||||||
|
*
|
||||||
|
* @return <code>null</code> to use the domain object, or the name of a
|
||||||
|
* method (that requires no arguments) that should be invoked to
|
||||||
|
* obtain an <code>Object</code> which will be the domain object
|
||||||
|
* used for ACL evaluation
|
||||||
|
*/
|
||||||
|
public String getInternalMethod() {
|
||||||
|
return internalMethod;
|
||||||
|
}
|
||||||
|
|
||||||
public void setProcessConfigAttribute(String processConfigAttribute) {
|
public void setProcessConfigAttribute(String processConfigAttribute) {
|
||||||
this.processConfigAttribute = processConfigAttribute;
|
this.processConfigAttribute = processConfigAttribute;
|
||||||
}
|
}
|
||||||
@ -222,6 +254,48 @@ public class BasicAclEntryVoter implements AccessDecisionVoter,
|
|||||||
return AccessDecisionVoter.ACCESS_ABSTAIN;
|
return AccessDecisionVoter.ACCESS_ABSTAIN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Evaluate if we are required to use an inner domain object
|
||||||
|
if ((internalMethod != null) && !"".equals(internalMethod)) {
|
||||||
|
try {
|
||||||
|
Class clazz = domainObject.getClass();
|
||||||
|
Method method = clazz.getMethod(internalMethod, null);
|
||||||
|
domainObject = method.invoke(domainObject, null);
|
||||||
|
} catch (NoSuchMethodException nsme) {
|
||||||
|
throw new AuthorizationServiceException(
|
||||||
|
"Object of class '" + domainObject.getClass()
|
||||||
|
+ "' does not provide the requested internalMethod: "
|
||||||
|
+ internalMethod);
|
||||||
|
} catch (IllegalAccessException iae) {
|
||||||
|
if (logger.isDebugEnabled()) {
|
||||||
|
logger.debug("IllegalAccessException", iae);
|
||||||
|
|
||||||
|
if (iae.getCause() != null) {
|
||||||
|
logger.debug("Cause: "
|
||||||
|
+ iae.getCause().getMessage(),
|
||||||
|
iae.getCause());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new AuthorizationServiceException(
|
||||||
|
"Problem invoking internalMethod: "
|
||||||
|
+ internalMethod + " for object: " + domainObject);
|
||||||
|
} catch (InvocationTargetException ite) {
|
||||||
|
if (logger.isDebugEnabled()) {
|
||||||
|
logger.debug("InvocationTargetException", ite);
|
||||||
|
|
||||||
|
if (ite.getCause() != null) {
|
||||||
|
logger.debug("Cause: "
|
||||||
|
+ ite.getCause().getMessage(),
|
||||||
|
ite.getCause());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new AuthorizationServiceException(
|
||||||
|
"Problem invoking internalMethod: "
|
||||||
|
+ internalMethod + " for object: " + domainObject);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Obtain the ACLs applicable to the domain object
|
// Obtain the ACLs applicable to the domain object
|
||||||
AclEntry[] acls = aclManager.getAcls(domainObject,
|
AclEntry[] acls = aclManager.getAcls(domainObject,
|
||||||
authentication);
|
authentication);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user