org.riotfamily.riot.security.policy
Class ReflectionPolicy

java.lang.Object
  extended by org.riotfamily.riot.security.policy.ReflectionPolicy
All Implemented Interfaces:
AssertionPolicy, AuthorizationPolicy, Ordered
Direct Known Subclasses:
SystemPagePolicy

public class ReflectionPolicy
extends Object
implements AssertionPolicy

AuthorizationPolicy that delegates permission checks to individual methods via reflection. It looks for methods with the name of the action and either one or two parameters (the first one must be assignment-compatible with RiotUser) and an int return type. The action name is uncapitalized and converted to camel-case.

Since:
7.0
Author:
Felix Gnass [fgnass at neteye dot de]

Nested Class Summary
 
Nested classes/interfaces inherited from interface org.riotfamily.riot.security.policy.AuthorizationPolicy
AuthorizationPolicy.Permission
 
Field Summary
 
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
 
Constructor Summary
ReflectionPolicy()
           
 
Method Summary
 void assertIsGranted(RiotUser user, String action, Object object)
          By contract this method is invoked whenever an action is about to be executed.
 int getOrder()
           
 AuthorizationPolicy.Permission getPermission(RiotUser user, String action, Object object)
          Returns the permission for the given user, action and object.
 void setDelegate(Object delegate)
           
 void setOrder(int order)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ReflectionPolicy

public ReflectionPolicy()
Method Detail

getOrder

public int getOrder()
Specified by:
getOrder in interface Ordered

setOrder

public void setOrder(int order)

setDelegate

public void setDelegate(Object delegate)

getPermission

public AuthorizationPolicy.Permission getPermission(RiotUser user,
                                                    String action,
                                                    Object object)
Description copied from interface: AuthorizationPolicy
Returns the permission for the given user, action and object.

Specified by:
getPermission in interface AuthorizationPolicy
action - The action to be performed
object - The object on which the action is to be performed

assertIsGranted

public void assertIsGranted(RiotUser user,
                            String action,
                            Object object)
Description copied from interface: AssertionPolicy
By contract this method is invoked whenever an action is about to be executed. Implementors can use this hook to veto a previously granted permission.

Specified by:
assertIsGranted in interface AssertionPolicy
action - The action to be performed
object - The object on which the action is to be performed