Example 1 with SecuredAnnotationSecurityMetadataSource
use of org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource in project spring-security by spring-projects.
the class PrePostSecured method setUp.
@Before
public final void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
interceptor = new AspectJMethodSecurityInterceptor();
AccessDecisionVoter[] voters = new AccessDecisionVoter[] { new RoleVoter(), new PreInvocationAuthorizationAdviceVoter(new ExpressionBasedPreInvocationAdvice()) };
adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(voters));
interceptor.setAccessDecisionManager(adm);
interceptor.setAuthenticationManager(authman);
interceptor.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());
AnnotationSecurityAspect secAspect = AnnotationSecurityAspect.aspectOf();
secAspect.setSecurityInterceptor(interceptor);
}
Also used :
SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)
AspectJMethodSecurityInterceptor(org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)
AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased)
RoleVoter(org.springframework.security.access.vote.RoleVoter)
AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)
ExpressionBasedPreInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice)
PreInvocationAuthorizationAdviceVoter(org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)
Before(org.junit.Before)
Example 2 with SecuredAnnotationSecurityMetadataSource
use of org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method methodSecurityMetadataSource.
/**
* Provides the default {@link MethodSecurityMetadataSource} that will be used. It
* creates a {@link DelegatingMethodSecurityMetadataSource} based upon
* {@link #customMethodSecurityMetadataSource()} and the attributes on
* {@link EnableGlobalMethodSecurity}.
*
* @return
*/
@Bean
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
List<MethodSecurityMetadataSource> sources = new ArrayList<MethodSecurityMetadataSource>();
ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(getExpressionHandler());
MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
if (customMethodSecurityMetadataSource != null) {
sources.add(customMethodSecurityMetadataSource);
}
if (prePostEnabled()) {
sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
}
if (securedEnabled()) {
sources.add(new SecuredAnnotationSecurityMetadataSource());
}
if (jsr250Enabled()) {
GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
if (grantedAuthorityDefaults != null) {
this.jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
}
sources.add(jsr250MethodSecurityMetadataSource);
}
return new DelegatingMethodSecurityMetadataSource(sources);
}
Also used :
SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)
ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)
GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
ArrayList(java.util.ArrayList)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Bean(org.springframework.context.annotation.Bean)
Aggregations
SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)2
ArrayList (java.util.ArrayList)1
Before (org.junit.Before)1
Bean (org.springframework.context.annotation.Bean)1
AccessDecisionVoter (org.springframework.security.access.AccessDecisionVoter)1
Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)1
ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)1
ExpressionBasedPreInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice)1
AspectJMethodSecurityInterceptor (org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)1
DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)1
MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)1
PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)1
PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)1
AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased)1
RoleVoter (org.springframework.security.access.vote.RoleVoter)1
GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)1
