Search in sources :

Example 1 with ExpressionBasedAnnotationAttributeFactory

use of org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory in project spring-security by spring-projects.

the class PrePostSecured method configureForElAnnotations.

private void configureForElAnnotations() {
    DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
    interceptor.setSecurityMetadataSource(new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(eh)));
    interceptor.setAccessDecisionManager(adm);
    AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
    aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
    interceptor.setAfterInvocationManager(aim);
}
Also used : PostInvocationAdviceProvider(org.springframework.security.access.prepost.PostInvocationAdviceProvider) AfterInvocationProviderManager(org.springframework.security.access.intercept.AfterInvocationProviderManager) ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory) ExpressionBasedPostInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice) DefaultMethodSecurityExpressionHandler(org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)

Example 2 with ExpressionBasedAnnotationAttributeFactory

use of org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory in project spring-security by spring-projects.

the class GlobalMethodSecurityConfiguration method methodSecurityMetadataSource.

/**
	 * Provides the default {@link MethodSecurityMetadataSource} that will be used. It
	 * creates a {@link DelegatingMethodSecurityMetadataSource} based upon
	 * {@link #customMethodSecurityMetadataSource()} and the attributes on
	 * {@link EnableGlobalMethodSecurity}.
	 *
	 * @return
	 */
@Bean
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
    List<MethodSecurityMetadataSource> sources = new ArrayList<MethodSecurityMetadataSource>();
    ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(getExpressionHandler());
    MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
    if (customMethodSecurityMetadataSource != null) {
        sources.add(customMethodSecurityMetadataSource);
    }
    if (prePostEnabled()) {
        sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
    }
    if (securedEnabled()) {
        sources.add(new SecuredAnnotationSecurityMetadataSource());
    }
    if (jsr250Enabled()) {
        GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
        if (grantedAuthorityDefaults != null) {
            this.jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
        }
        sources.add(jsr250MethodSecurityMetadataSource);
    }
    return new DelegatingMethodSecurityMetadataSource(sources);
}
Also used : SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource) ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) ArrayList(java.util.ArrayList) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource) Bean(org.springframework.context.annotation.Bean)

Aggregations

ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)2 PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)2 ArrayList (java.util.ArrayList)1 Bean (org.springframework.context.annotation.Bean)1 Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)1 SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)1 DefaultMethodSecurityExpressionHandler (org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler)1 ExpressionBasedPostInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice)1 AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager)1 DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)1 MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)1 PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider)1 GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)1