Add logging.

core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java

@@ -25,6 +25,9 @@ import net.sf.acegisecurity.acl.AclManager;
 import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry;
 import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 
 import java.util.Collection;
@@ -95,6 +98,10 @@ import java.util.Set;
  */
 public class BasicAclEntryAfterInvocationCollectionFilteringProvider
     implements AfterInvocationProvider, InitializingBean {
+    //~ Static fields/initializers =============================================
+
+    protected static final Log logger = LogFactory.getLog(BasicAclEntryAfterInvocationCollectionFilteringProvider.class);
+
     //~ Instance fields ========================================================
 
     private AclManager aclManager;
@@ -154,6 +161,10 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider
             if (this.supports(attr)) {
                 // Need to process the Collection for this invocation
                 if (returnedObject == null) {
+                    if (logger.isDebugEnabled()) {
+                        logger.debug("Return object is null, skipping");
+                    }
+
                     return null;
                 }
 
@@ -202,6 +213,14 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider
                                     if (processableAcl.isPermitted(
                                             requirePermission[y])) {
                                         hasPermission = true;
+
+                                        if (logger.isDebugEnabled()) {
+                                            logger.debug(
+                                                "Principal is authorised for element: "
+                                                + domainObject
+                                                + " due to ACL: "
+                                                + processableAcl.toString());
+                                        }
                                     }
                                 }
                             }
@@ -210,16 +229,30 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider
 
                     if (!hasPermission) {
                         removeList.add(domainObject);
+
+                        if (logger.isDebugEnabled()) {
+                            logger.debug(
+                                "Principal is NOT authorised for element: "
+                                + domainObject);
+                        }
                     }
                 }
 
                 // Now the Iterator has ended, remove Objects from Collection
                 Iterator removeIter = removeList.iterator();
 
+                int originalSize = collection.size();
+
                 while (removeIter.hasNext()) {
                     collection.remove(removeIter.next());
                 }
 
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Original collection contained "
+                        + originalSize + " elements; now contains "
+                        + collection.size() + " elements");
+                }
+
                 return collection;
             }
         }

core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java

@@ -24,6 +24,9 @@ import net.sf.acegisecurity.acl.AclManager;
 import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry;
 import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 
 import java.util.Iterator;
@@ -89,6 +92,10 @@ import java.util.Iterator;
  */
 public class BasicAclEntryAfterInvocationProvider
     implements AfterInvocationProvider, InitializingBean {
+    //~ Static fields/initializers =============================================
+
+    protected static final Log logger = LogFactory.getLog(BasicAclEntryAfterInvocationProvider.class);
+
     //~ Instance fields ========================================================
 
     private AclManager aclManager;
@@ -150,6 +157,10 @@ public class BasicAclEntryAfterInvocationProvider
                 if (returnedObject == null) {
                     // AclManager interface contract prohibits nulls
                     // As they have permission to null/nothing, grant access
+                    if (logger.isDebugEnabled()) {
+                        logger.debug("Return object is null, skipping");
+                    }
+
                     return null;
                 }
 
@@ -171,6 +182,13 @@ public class BasicAclEntryAfterInvocationProvider
                         // See if principal has any of the required permissions
                         for (int y = 0; y < requirePermission.length; y++) {
                             if (processableAcl.isPermitted(requirePermission[y])) {
+                                if (logger.isDebugEnabled()) {
+                                    logger.debug(
+                                        "Principal DOES have permission to return object: "
+                                        + returnedObject + " due to ACL: "
+                                        + processableAcl.toString());
+                                }
+
                                 return returnedObject;
                             }
                         }