Made BasicAclProvider to only respond to specified ACL object requests.

changelog.txt

@@ -8,6 +8,7 @@ Changes in version 0.7 (2004-xx-xx)
 * Added AuthenticationProcessingFilter.setDetails for use by subclasses
 * Added 403-causing exception to HttpSession via SecurityEnforcementFilter
 * Added net.sf.acegisecurity.intercept.event package
+* Improved BasicAclProvider to only respond to specified ACL object requests
 * Refactored MethodDefinitionSource to work with Method, not MethodInvocation
 * Refactored AbstractSecurityInterceptor to better support other AOP libraries
 * Fixed AbstractProcessingFitler to use removeAttribute (JRun compatibility)

core/src/main/java/org/acegisecurity/acl/basic/BasicAclProvider.java

@@ -93,6 +93,7 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
     private BasicAclDao basicAclDao;
     private BasicAclEntryCache basicAclEntryCache = new NullAclEntryCache();
     private Class defaultAclObjectIdentityClass = NamedEntityObjectIdentity.class;
+    private Class restrictSupportToClass = null;
     private EffectiveAclsResolver effectiveAclsResolver = new GrantedAuthorityEffectiveAclsResolver();
 
     //~ Methods ================================================================
@@ -230,6 +231,28 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
         return effectiveAclsResolver;
     }
 
+    /**
+     * If set to a value other than <code>null</code>, the {@link
+     * #supports(Object)} method will <b>only</b> support the indicates class.
+     * This is useful if you wish to wire multiple
+     * <code>BasicAclProvider</code>s in a list of
+     * <code>AclProviderManager.providers</code> but only have particular
+     * instances respond to particular domain object types.
+     *
+     * @param restrictSupportToClass the class to restrict this
+     *        <code>BasicAclProvider</code> to service request for, or
+     *        <code>null</code> (the default) if the
+     *        <code>BasicAclProvider</code> should respond to every class
+     *        presented
+     */
+    public void setRestrictSupportToClass(Class restrictSupportToClass) {
+        this.restrictSupportToClass = restrictSupportToClass;
+    }
+
+    public Class getRestrictSupportToClass() {
+        return restrictSupportToClass;
+    }
+
     public void afterPropertiesSet() {
         if (basicAclDao == null) {
             throw new IllegalArgumentException("basicAclDao required");
@@ -260,9 +283,14 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
     }
 
     /**
-     * Indicates support for the passed object if it an
-     * <code>AclObjectIdentity</code> is returned by {@link
-     * #obtainIdentity(Object)}.
+     * Indicates support for the passed object.
+     * 
+     * <p>
+     * An object will only be supported if it (i) is allowed to be supported as
+     * defined by the {@link #setRestrictSupportToClass(Class)} method,
+     * <b>and</b> (ii) if an <code>AclObjectIdentity</code> is returned by
+     * {@link #obtainIdentity(Object)} for that object.
+     * </p>
      *
      * @param domainInstance the instance to check
      *
@@ -270,6 +298,16 @@ public class BasicAclProvider implements AclProvider, InitializingBean {
      *         <code>false</code> otherwise
      */
     public boolean supports(Object domainInstance) {
+        if (domainInstance == null) {
+            return false;
+        }
+
+        if ((restrictSupportToClass != null)
+            && !restrictSupportToClass.isAssignableFrom(
+                domainInstance.getClass())) {
+            return false;
+        }
+
         if (obtainIdentity(domainInstance) == null) {
             return false;
         } else {

core/src/test/java/org/acegisecurity/acl/basic/BasicAclProviderTests.java

@@ -184,6 +184,10 @@ public class BasicAclProviderTests extends TestCase {
 
         provider.setBasicAclDao(new MockDao());
         assertNotNull(provider.getBasicAclDao());
+
+        assertNull(provider.getRestrictSupportToClass());
+        provider.setRestrictSupportToClass(SomeDomain.class);
+        assertEquals(SomeDomain.class, provider.getRestrictSupportToClass());
     }
 
     public void testStartupFailsIfNullAclDao() throws Exception {
@@ -276,6 +280,16 @@ public class BasicAclProviderTests extends TestCase {
 
         // this one SHOULD be supported, as it implements AclObjectIdentityAware
         assertTrue(provider.supports(new MockDomain(4)));
+
+        // now restrict the provider to only respond to SomeDomain.class requests
+        provider.setRestrictSupportToClass(SomeDomain.class);
+        assertEquals(SomeDomain.class, provider.getRestrictSupportToClass());
+
+        // this one SHOULD be supported, as it has a getId() method AND it meets the restrictSupportToClass criteria
+        assertTrue(provider.supports(new SomeDomain()));
+
+        // this one should NOT be suported, as whilst it implement AclObjectIdentityAware (as proven earlier in the test), it does NOT meet the restrictSupportToClass criteria
+        assertFalse(provider.supports(new MockDomain(4)));
     }
 
     private JdbcDaoImpl makePopulatedJdbcDao() throws Exception {