Example 1 with MethodSecurityInterceptor
use of org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method methodSecurityInterceptor.
/**
* Creates the default MethodInterceptor which is a MethodSecurityInterceptor using
* the following methods to construct it.
* <ul>
* <li>{@link #accessDecisionManager()}</li>
* <li>{@link #afterInvocationManager()}</li>
* <li>{@link #authenticationManager()}</li>
* <li>{@link #methodSecurityMetadataSource()}</li>
* <li>{@link #runAsManager()}</li>
*
* </ul>
*
* <p>
* Subclasses can override this method to provide a different
* {@link MethodInterceptor}.
* </p>
*
* @return
* @throws Exception
*/
@Bean
public MethodInterceptor methodSecurityInterceptor() throws Exception {
this.methodSecurityInterceptor = isAspectJ() ? new AspectJMethodSecurityInterceptor() : new MethodSecurityInterceptor();
methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
methodSecurityInterceptor.setSecurityMetadataSource(methodSecurityMetadataSource());
RunAsManager runAsManager = runAsManager();
if (runAsManager != null) {
methodSecurityInterceptor.setRunAsManager(runAsManager);
}
return this.methodSecurityInterceptor;
}
Also used :
RunAsManager(org.springframework.security.access.intercept.RunAsManager)
AspectJMethodSecurityInterceptor(org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)
AspectJMethodSecurityInterceptor(org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)
MethodSecurityInterceptor(org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor)
Bean(org.springframework.context.annotation.Bean)
Example 2 with MethodSecurityInterceptor
use of org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor in project spring-security by spring-projects.
the class MethodInvocationPrivilegeEvaluatorTests method setUp.
@BeforeEach
public final void setUp() {
SecurityContextHolder.clearContext();
this.interceptor = new MethodSecurityInterceptor();
this.token = new TestingAuthenticationToken("Test", "Password", "ROLE_SOMETHING");
this.adm = mock(AccessDecisionManager.class);
AuthenticationManager authman = mock(AuthenticationManager.class);
this.mds = mock(MethodSecurityMetadataSource.class);
this.interceptor.setAccessDecisionManager(this.adm);
this.interceptor.setAuthenticationManager(authman);
this.interceptor.setSecurityMetadataSource(this.mds);
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
AccessDecisionManager(org.springframework.security.access.AccessDecisionManager)
MethodSecurityInterceptor(org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Example 3 with MethodSecurityInterceptor
use of org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method methodSecurityInterceptor.
/**
* Creates the default MethodInterceptor which is a MethodSecurityInterceptor using
* the following methods to construct it.
* <ul>
* <li>{@link #accessDecisionManager()}</li>
* <li>{@link #afterInvocationManager()}</li>
* <li>{@link #authenticationManager()}</li>
* <li>{@link #runAsManager()}</li>
*
* </ul>
*
* <p>
* Subclasses can override this method to provide a different
* {@link MethodInterceptor}.
* </p>
* @param methodSecurityMetadataSource the default
* {@link MethodSecurityMetadataSource}.
* @return the {@link MethodInterceptor}.
*/
@Bean
public MethodInterceptor methodSecurityInterceptor(MethodSecurityMetadataSource methodSecurityMetadataSource) {
this.methodSecurityInterceptor = isAspectJ() ? new AspectJMethodSecurityInterceptor() : new MethodSecurityInterceptor();
this.methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
this.methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
this.methodSecurityInterceptor.setSecurityMetadataSource(methodSecurityMetadataSource);
RunAsManager runAsManager = runAsManager();
if (runAsManager != null) {
this.methodSecurityInterceptor.setRunAsManager(runAsManager);
}
return this.methodSecurityInterceptor;
}
Also used :
RunAsManager(org.springframework.security.access.intercept.RunAsManager)
AspectJMethodSecurityInterceptor(org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)
AspectJMethodSecurityInterceptor(org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)
MethodSecurityInterceptor(org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor)
Bean(org.springframework.context.annotation.Bean)
Example 4 with MethodSecurityInterceptor
use of org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor in project spring-security by spring-projects.
the class GlobalMethodSecurityConfigurationTests method methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled.
@Test
public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire();
MethodSecurityInterceptor methodInterceptor = (MethodSecurityInterceptor) this.spring.getContext().getBean(MethodInterceptor.class);
MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext().getBean(MethodSecurityMetadataSource.class);
assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource);
}
Also used :
MethodInterceptor(org.aopalliance.intercept.MethodInterceptor)
MethodSecurityInterceptor(org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
Test(org.junit.jupiter.api.Test)
Aggregations
MethodSecurityInterceptor (org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor)4
Bean (org.springframework.context.annotation.Bean)2
RunAsManager (org.springframework.security.access.intercept.RunAsManager)2
AspectJMethodSecurityInterceptor (org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)2
MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)2
MethodInterceptor (org.aopalliance.intercept.MethodInterceptor)1
BeforeEach (org.junit.jupiter.api.BeforeEach)1
Test (org.junit.jupiter.api.Test)1
AccessDecisionManager (org.springframework.security.access.AccessDecisionManager)1
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)1
