Closed
Description
We support filtering the results of collections, but it would be nice to filter non-collection types. I haven't decided on the syntax for this but here is a rough idea:
// needs work because won't work with primitives
class DefaultValueDeniedHandler implements MethodAccessDeniedHandler {
// FIXME: should we even allow access to the deniedObject?
// for PreAuthorize deniedObject is a reference to the method and arguments, for PostAuthorize it is the return value
public Object handle(Object deniedObject, AccessDeniedException e) {
return null;
}
}class Foo {
@DenyAll
@DeniedHandler(DefaultValueDeniedHandler.class)
String bar() {
return "bar";
}
}foo.bar(); // returns nullWe could also customize to do non-default types. For example if we wanted to mask the value:
// needs work because won't work with primitives
class MaskDeniedHandler implements MethodAccessDeniedHandler {
public String handle(String deniedObject, AccessDeniedException e) {
return "***";
}
}class Foo {
@DenyAll
@DeniedHandler(MaskDeniedHandler.class)
String bar() {
return "bar";
}
}foo.bar(); // returns "***"We can also create composed annotations to simplify.
class Foo {
@DenyAll
@MaskDenied
String bar() {
return "bar";
}
}foo.bar(); // returns "***"We can also allow the handler to be specified on the class level
@MaskDenied
class Foo {
@DenyAll
String bar() {
return "bar";
}
@DenyAll
String zip() {
return "zip";
}
}foo.bar(); // returns "***"
foo.zip(); // returns "***"