Example 1 with ExpressionBasedAnnotationAttributeFactory
use of org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory in project spring-security by spring-projects.
the class PrePostSecured method configureForElAnnotations.
private void configureForElAnnotations() {
DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
interceptor.setSecurityMetadataSource(new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(eh)));
interceptor.setAccessDecisionManager(adm);
AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
interceptor.setAfterInvocationManager(aim);
}
Also used :
PostInvocationAdviceProvider(org.springframework.security.access.prepost.PostInvocationAdviceProvider)
AfterInvocationProviderManager(org.springframework.security.access.intercept.AfterInvocationProviderManager)
ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)
ExpressionBasedPostInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice)
DefaultMethodSecurityExpressionHandler(org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Example 2 with ExpressionBasedAnnotationAttributeFactory
use of org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method methodSecurityMetadataSource.
/**
* Provides the default {@link MethodSecurityMetadataSource} that will be used. It
* creates a {@link DelegatingMethodSecurityMetadataSource} based upon
* {@link #customMethodSecurityMetadataSource()} and the attributes on
* {@link EnableGlobalMethodSecurity}.
*
* @return
*/
@Bean
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
List<MethodSecurityMetadataSource> sources = new ArrayList<MethodSecurityMetadataSource>();
ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(getExpressionHandler());
MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
if (customMethodSecurityMetadataSource != null) {
sources.add(customMethodSecurityMetadataSource);
}
if (prePostEnabled()) {
sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
}
if (securedEnabled()) {
sources.add(new SecuredAnnotationSecurityMetadataSource());
}
if (jsr250Enabled()) {
GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
if (grantedAuthorityDefaults != null) {
this.jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
}
sources.add(jsr250MethodSecurityMetadataSource);
}
return new DelegatingMethodSecurityMetadataSource(sources);
}
Also used :
SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)
ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)
GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
ArrayList(java.util.ArrayList)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Bean(org.springframework.context.annotation.Bean)
Aggregations
ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)2
PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)2
ArrayList (java.util.ArrayList)1
Bean (org.springframework.context.annotation.Bean)1
Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)1
SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)1
DefaultMethodSecurityExpressionHandler (org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler)1
ExpressionBasedPostInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice)1
AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager)1
DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)1
MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)1
PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider)1
GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)1
