Object returned from a secure object invocation, being able to modify the Object or throw an AccessDeniedException. Typically used to ensure the principal is permitted to access the domain object instance returned by a service layer bean. Can also be used to mutate the domain object instance so the principal is only able to access authorised bean properties or Collection elements.
Special consideration should be given to using an AfterInvocationManager on bean methods that modify a database. Typically an AfterInvocationManager is used with read-only methods, such as public DomainObject getById(id). If used with methods that modify a database, a transaction manager should be used to ensure any AccessDeniedException will cause a rollback of the changes made by the transaction.
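An added example, not part of the original Javadoc or of Spring Security's own code: an AfterInvocationManager that denies access unless the caller owns the returned domain object. The Owned interface, the class name and the AFTER_OWNER_ONLY attribute are hypothetical, and the sketch assumes spring-security-core is on the classpath.

```java
import java.util.Collection;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.intercept.AfterInvocationManager;
import org.springframework.security.core.Authentication;

// Hypothetical marker for domain objects that record their owner's username.
interface Owned {
    String getOwner();
}

public class OwnerOnlyAfterInvocationManager implements AfterInvocationManager {
    // Hypothetical attribute name; it is not defined by Spring Security.
    private static final String ATTRIBUTE = "AFTER_OWNER_ONLY";

    @Override
    public Object decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> attributes, Object returnedObject)
            throws AccessDeniedException {
        // Pass through when nothing was returned or the method is not
        // configured with our attribute.
        if (returnedObject == null
                || attributes.stream().noneMatch(a -> supports(a))) {
            return returnedObject;
        }
        // Fail closed on return types we cannot evaluate.
        if (!(returnedObject instanceof Owned)) {
            throw new AccessDeniedException("Return type cannot be checked for ownership");
        }
        String owner = ((Owned) returnedObject).getOwner();
        if (authentication == null || !authentication.getName().equals(owner)) {
            // AccessDeniedException is a RuntimeException, so a transaction that
            // encloses this call rolls back under Spring's default rollback rules.
            throw new AccessDeniedException("Principal does not own the returned object");
        }
        return returnedObject;
    }

    @Override
    public boolean supports(ConfigAttribute attribute) {
        return attribute != null && ATTRIBUTE.equals(attribute.getAttribute());
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return true; // applies to any secure object type
    }
}
```

For the rollback to happen on a method that writes to the database, the transaction boundary has to enclose the security interception, so that the exception propagates through the transaction before it is committed.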