<p>Well, the <code>AccessDecisionVoter</code> interface actually returns an <code>int</code> in this situation. Granted, the built-in voter implementations always only return one of the three constants you mentioned (and these are what the standard access decision managers check for), but then they don't really have anything extra to return - the <code>RoleVoter</code> for instance will deny access if and only if the principal doesn't have the required role.</p>
<p>Since you're using your own implementations both of the voters and the access decision manager, you have several options available as I see it:</p>
<ol>
<li>Return other values of integers as some form of error code; treat <code>ACCESS_GRANTED</code>, <code>ACCESS_ABSTAIN</code> and <code>ACCESS_DENIED</code> as their typical values, but treat any other integer as "access denied" with an error code. Ideally have a lookup table of error codes available - essentially a poor man's enum.</li>
<li>Within your voter, return <code>ACCESS_DENIED</code> as usual, and set some publicly accessible property (either on the voter object itself or perhaps some statically-accessible field) with the error reason. In your manager, if you get access denied from your custom voter, check the property to get the details.</li>
<li>As above, set an error property within the voter; but ensure that the instance of <code>Authentication</code> being passed in is one of your own custom subclasses that provides a good location to set/retrieve this information.</li>
<li>Throw an <code>AccessDeniedException</code> (or suitable subclass) from within your voter itself. This is not ideal as it presupposes the logic in the access decision manager; but you could either let this bubble straight up, or if needed catch it within the manager (a custom subclass would definitely be good for this) and rethrow if access really is denied (something similar to what the <code>ProviderManager</code> class does with its <code>lastException</code> variable).</li>
</ol>
<p>None of these sticks out as the obviously correct and elegant answer, but you should be able to get something workable from whichever one is most appropriate. Since there is no <em>explicit</em> support within the voter framework for communicating reasons (it's a straight boolean response fundamentally) I don't think you can do much better.</p>
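A sketch of option 1 from the answer above, added here as an example and not taken from the answer or from Spring Security itself: a custom decision manager that looks up a reason for non-standard vote values and denies on any integer it does not recognise. The class name, the two error codes and the reason strings are hypothetical; the interfaces and constants are Spring Security's own.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;

// Hypothetical manager: one grant is required, any denial (coded or not) wins.
public class ReasonAwareDecisionManager implements AccessDecisionManager {
    // Hypothetical error codes a custom voter returns instead of ACCESS_DENIED.
    public static final int DENIED_ACCOUNT_SUSPENDED = -100;
    public static final int DENIED_OUTSIDE_HOURS = -101;
    // The "poor man's enum": lookup table from vote value to denial reason.
    private static final Map<Integer, String> REASONS = Map.of(
            AccessDecisionVoter.ACCESS_DENIED, "access denied",
            DENIED_ACCOUNT_SUSPENDED, "account suspended",
            DENIED_OUTSIDE_HOURS, "outside permitted hours");
    private final List<AccessDecisionVoter<Object>> voters;

    public ReasonAwareDecisionManager(List<AccessDecisionVoter<Object>> voters) {
        this.voters = List.copyOf(voters);
    }

    @Override
    public void decide(Authentication authentication, Object object,
                       Collection<ConfigAttribute> attributes) {
        boolean granted = false;
        for (AccessDecisionVoter<Object> voter : voters) {
            int vote = voter.vote(authentication, object, attributes);
            if (vote == AccessDecisionVoter.ACCESS_GRANTED) {
                granted = true;
            } else if (vote != AccessDecisionVoter.ACCESS_ABSTAIN) {
                // ACCESS_DENIED or any unrecognised integer: fail closed.
                throw new AccessDeniedException(
                        REASONS.getOrDefault(vote, "access denied (code " + vote + ")"));
            }
        }
        if (!granted) { // every voter abstained
            throw new AccessDeniedException("access denied: no voter granted access");
        }
    }

    @Override
    public boolean supports(ConfigAttribute attribute) {
        return voters.stream().anyMatch(v -> v.supports(attribute));
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return voters.stream().allMatch(v -> v.supports(clazz));
    }
}
```

Custom codes like these are only safe with a manager that understands them: a manager that compares votes against the three standard constants alone may not count an unknown integer as a denial.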