This topic is closed

  • filtering search results with AfterInvocationProvider

    Hi,

    I am planning to implement a simple search engine with iBatis. You can search against a single table at a time and the search results are a list of maps; basically I don't want to return complete domain objects or have to call subsystemManager.getAll(). Essentially it's a high-level view, so not all details are required.

    So I have 2 questions:
    Can AfterInvocationProvider filter this type of collection properly or is the domain specific object required?

    Given that I will have the user's id before I make the request, should I be looking to implement this differently?

    Appreciate any suggestions,
    Thanks,
    Conor.

  • #2
    Search engines are always interesting from an ACL perspective, as generally it's non-performant to use an AfterInvocationManager or AfterInvocationProvider (such as BasicAclEntryAfterInvocationCollectionFilteringProvider or BasicAclEntryAfterInvocationProvider) for filtering a potentially large resultset down to those results to which the user has permission.

    Generally the best approach is to make your search tool Acegi Security SecurityContextHolder.getContext().getAuthentication() aware. This obviously doesn't give the full benefit of AOP removing security concerns from your business logic, but in the case of large resultsets it is a reasonable trade-off.

    If you're only dealing with small resultsets, or you are happy to return paginated resultsets, by all means use the aforementioned ACL classes to achieve your goal. In that case each of the elements in your Map would need to equate to something that an AclObjectIdentity instance could be obtained for (e.g. they implement AclObjectIdentityAware or NamedEntityObjectIdentity). In this case each object will need an ACL entry in your ACL table.

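The two approaches discussed in this thread, contrasted in an added sketch that is not part of the original posts and is not Acegi Security or iBatis code. It uses Python with an in-memory SQLite database as a stand-in; the tables `document` and `acl_entry`, the `READ` mask value and the user `alice` are assumptions constructed for the illustration.

```python
import sqlite3

READ = 1  # assumed permission bit for this sketch

def build_db():
    """Constructed data: 1000 documents; alice can read every 100th one."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE document (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE acl_entry (object_id INTEGER, recipient TEXT, mask INTEGER);
    """)
    db.executemany("INSERT INTO document VALUES (?, ?)",
                   [(i, f"report {i}") for i in range(1, 1001)])
    db.executemany("INSERT INTO acl_entry VALUES (?, 'alice', ?)",
                   [(i, READ) for i in range(100, 1001, 100)])
    return db

def search_then_filter(db, term, user, limit=-1):
    """Post-filtering: run the search, then check the ACL once per returned row."""
    rows = db.execute(
        "SELECT id, title FROM document WHERE title LIKE ? ORDER BY id LIMIT ?",
        (f"%{term}%", limit)).fetchall()
    check = ("SELECT 1 FROM acl_entry "
             "WHERE object_id = ? AND recipient = ? AND mask & ?")
    allowed = [dict(r) for r in rows
               if db.execute(check, (r["id"], user, READ)).fetchone()]
    return allowed, len(rows)  # (visible maps, rows pulled from the table)

def search_as_user(db, term, user, limit=-1):
    """Principal-aware search: the ACL join is part of the query itself."""
    rows = db.execute(
        "SELECT d.id, d.title FROM document d "
        "JOIN acl_entry a ON a.object_id = d.id "
        "WHERE d.title LIKE ? AND a.recipient = ? AND a.mask & ? "
        "ORDER BY d.id LIMIT ?",
        (f"%{term}%", user, READ, limit)).fetchall()
    return [dict(r) for r in rows], len(rows)

if __name__ == "__main__":
    db = build_db()
    print(search_then_filter(db, "report", "alice")[1])            # rows fetched
    print(search_then_filter(db, "report", "alice", limit=10)[0])  # first page
    print(search_as_user(db, "report", "alice", limit=10)[1])
```

With the constructed data, post-filtering reads all 1000 matches to return 10 maps, and a 10-row page filtered after the fact comes back empty, while the principal-aware query returns the 10 readable rows directly.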