filtering search results with AfterInvocationProvider

[conor]

Hi,

I am planning to implement a simple search engine with iBatis. You can search against a single table at a time and the search results are a list of maps, basically I don't want to return complete domain objects or have to call subsystemManager.getAll(). Essentially its a high level view, so not all details are required.

So I have 2 questions:
Can AfterInvocationProvider filter this type of collection properly or is the domain specific object required?

Given that I will have the users id before I make the request, should I be looking to implement this differently?

Appreciate any suggestions,
Thanks,
Conor.

[Ben Alex]

Search engines are always interesting from an ACL perspective, as generally it's non-performant to use an AfterInvocationManager or AfterInvocationProvider (such as BasicAclEntryAfterInvocationCollectionFilteringPro vider or BasicAclEntryAfterInvocationProvider) for filtering a potentially large resultset down to those results to which the user has permission.

Generally the best approach is to make your search tool Acegi Security SecurityContextHolder.getContext().getAuthenticati on() aware. This obviously doesn't give the full benefit of AOP removing security concerns from your business logic, but in the case of large resultsets it is a reasonable trade-off.

If you're only dealing with small resultsets, or you are happy to return paginated resultsets, by all means use the aforementioned ACL classes to achieve your goal. In that case each of the elements in your Map would need to equate to something that an AclObjectIdentity instance could be obtained for (eg they implement AclObjectIdentityAware or NamedEntityObjectIdentity). In this case each object will need an ACL entry in your ACL table.