Search in sources :

Example 1 with AfterInvocationProviderManager

use of org.springframework.security.access.intercept.AfterInvocationProviderManager in project spring-security by spring-projects.

the class PrePostSecured method configureForElAnnotations.

private void configureForElAnnotations() {
    DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
    interceptor.setSecurityMetadataSource(new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(eh)));
    interceptor.setAccessDecisionManager(adm);
    AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
    aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
    interceptor.setAfterInvocationManager(aim);
}
Also used : PostInvocationAdviceProvider(org.springframework.security.access.prepost.PostInvocationAdviceProvider) AfterInvocationProviderManager(org.springframework.security.access.intercept.AfterInvocationProviderManager) ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory) ExpressionBasedPostInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice) DefaultMethodSecurityExpressionHandler(org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)

Example 2 with AfterInvocationProviderManager

use of org.springframework.security.access.intercept.AfterInvocationProviderManager in project spring-security by spring-projects.

the class GlobalMethodSecurityConfiguration method afterInvocationManager.

/**
	 * Provide a custom {@link AfterInvocationManager} for the default implementation of
	 * {@link #methodSecurityInterceptor()}. The default is null if pre post is not
	 * enabled. Otherwise, it returns a {@link AfterInvocationProviderManager}.
	 *
	 * <p>
	 * Subclasses should override this method to provide a custom
	 * {@link AfterInvocationManager}
	 * </p>
	 *
	 * @return
	 */
protected AfterInvocationManager afterInvocationManager() {
    if (prePostEnabled()) {
        AfterInvocationProviderManager invocationProviderManager = new AfterInvocationProviderManager();
        ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(getExpressionHandler());
        PostInvocationAdviceProvider postInvocationAdviceProvider = new PostInvocationAdviceProvider(postAdvice);
        List<AfterInvocationProvider> afterInvocationProviders = new ArrayList<AfterInvocationProvider>();
        afterInvocationProviders.add(postInvocationAdviceProvider);
        invocationProviderManager.setProviders(afterInvocationProviders);
        return invocationProviderManager;
    }
    return null;
}
Also used : PostInvocationAdviceProvider(org.springframework.security.access.prepost.PostInvocationAdviceProvider) AfterInvocationProviderManager(org.springframework.security.access.intercept.AfterInvocationProviderManager) ArrayList(java.util.ArrayList) ExpressionBasedPostInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice) AfterInvocationProvider(org.springframework.security.access.AfterInvocationProvider)

Example 3 with AfterInvocationProviderManager

use of org.springframework.security.access.intercept.AfterInvocationProviderManager in project spring-security by spring-projects.

the class GlobalMethodSecurityBeanDefinitionParserTests method expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance.

// Expression configuration tests
@SuppressWarnings("unchecked")
@Test
public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception {
    setContext("<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
    AffirmativeBased adm = (AffirmativeBased) appContext.getBeansOfType(AffirmativeBased.class).values().toArray()[0];
    List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
    PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters.get(0);
    MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
    AfterInvocationProviderManager pm = (AfterInvocationProviderManager) ((MethodSecurityInterceptor) msi.getAdvice()).getAfterInvocationManager();
    PostInvocationAdviceProvider aip = (PostInvocationAdviceProvider) pm.getProviders().get(0);
    assertThat(FieldUtils.getFieldValue(mev, "preAdvice.expressionHandler")).isSameAs(FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler"));
}
Also used : PostInvocationAdviceProvider(org.springframework.security.access.prepost.PostInvocationAdviceProvider) MethodSecurityMetadataSourceAdvisor(org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor) AfterInvocationProviderManager(org.springframework.security.access.intercept.AfterInvocationProviderManager) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) ArrayList(java.util.ArrayList) List(java.util.List) PreInvocationAuthorizationAdviceVoter(org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter) Test(org.junit.Test)

Aggregations

AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager)3 PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider)3 ArrayList (java.util.ArrayList)2 ExpressionBasedPostInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice)2 List (java.util.List)1 Test (org.junit.Test)1 AfterInvocationProvider (org.springframework.security.access.AfterInvocationProvider)1 DefaultMethodSecurityExpressionHandler (org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler)1 ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)1 MethodSecurityMetadataSourceAdvisor (org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor)1 PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)1 PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)1 AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased)1