How to filter return collection of method with parameter by @PostFilter?

**schua** · Aug 5th, 2012, 11:11 PM

Hi guys,

I have a question whether @PostFilter works for method who has parameters.
I have following code blocks when implementing ACL of Spring Security 3.1.0.
In user business object interface UserBOInterface.java

Code:

public interface UserBOInterface {

    @PostFilter("hasPermission(filterObject, 'READ')")
    public List<UserEntity> findAllUsers();

    @PostFilter("hasPermission(filterObject, 'READ')")
    public List<UserEntity> findAllUsers(SortElement sortElement, List<FilterElement> filters);
}

Business object implementation is UserMngtBOImpl.java

Code:

public class UserMngtBOImpl implements UserBOInterface {

    private UserRepositoryInterface repository;

    public void setUserRepository(UserRepositoryInterface userRepository) {
        this.repository = userRepository;
    }

    @Override
    public List<UserEntity> findAllUsers(SortElement sortElement, List<FilterElement> filters) {

        return repository.findAllUsers(sortElement, filters);
    }
	
    @Override
    public List<UserGroupEntity> findAllUserGroups() {
        return userGroupRepository.findAll();
    }
}

In my JSF backing bean UserListBackingBean.java

Code:

public class UserListBackingBean implements Serializable {

    @ManagedProperty(value = "#{UserBOImpl}")
    private UserBOInterface userBO;
    private List<UserEntity> allUsers;
    private SortElement sortElement;

    public void setUserBO(UserBOInterface userBO) {
        this.userBO = userBO;
    }

    public void setSortElement(SortElement sortElement) {
        this.sortElement = sortElement;
    }

    public List<UserEntity> getAllUsers() {
        if (null == allUsers) {
            //allUsers = userBO.findAllUsers();
            //allUsers = userBO.findAllUsers(sortElement, new ArrayList<FilterElement>(filterMap.values()));
        }

        return allUsers;
    }
}

SortElement.java is as following.

Code:

public class SortElement {
    public static final int SORT_ASCENDING = 0;
    public static final int SORT_DESCENDING = 1;

    private String fieldName;
    private int sortOrder;

    public String getFieldName() {
        return fieldName;
    }

    public void setFieldName(String fieldName) {
        this.fieldName = fieldName;
    }

    public int getSortOrder() {
        return sortOrder;
    }

    public void setSortOrder(int sortOrder) {
        this.sortOrder = sortOrder;
    }

    public void toggleSortOrder() {
        sortOrder = (SORT_ASCENDING == sortOrder) ? SORT_DESCENDING : SORT_ASCENDING;
    }
}

When I uncomment the statement in blue, the correct filter user list is returned and several ACL entry relative DB queries are executed.
When I only uncomment the statement in red, a complete list of all user is returned and no ACL entry relative DB query is executed.

Is there anything I do wrong?

Thanks.
Flik

**Rob Winch** · Aug 6th, 2012, 02:25 PM

@PostFilter should work when there are parameters. In fact there is a unit test that verifies this behavior works. Is that the entire interface or is it only a subset to make things simpler? Have you tried using denyAll expression instead? You are certain it works for the other method? What does your configuration look like?

**schua** · Aug 7th, 2012, 10:43 PM

Hi Rob,

Many thanks for your reply.
After rebuilding and deploying, @PostFilter annotation works for me.
Maybe it is due to page caching.

Flik

Thread: How to filter return collection of method with parameter by @PostFilter?

Thread Tools

Display

How to filter return collection of method with parameter by @PostFilter?

Tags for this Thread

Posting Permissions