
Example 1 with PostInvocationAdviceProvider

Use of org.springframework.security.access.prepost.PostInvocationAdviceProvider in project spring-security by spring-projects.

Class PrePostSecured, method configureForElAnnotations.

private void configureForElAnnotations() {
    DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
    interceptor.setSecurityMetadataSource(new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(eh)));
    interceptor.setAccessDecisionManager(adm);
    AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
    aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
    interceptor.setAfterInvocationManager(aim);
}
Also used: PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider), AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager), ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory), ExpressionBasedPostInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice), DefaultMethodSecurityExpressionHandler (org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler), PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)

Example 2 with PostInvocationAdviceProvider

Use of org.springframework.security.access.prepost.PostInvocationAdviceProvider in project spring-security by spring-projects.

Class GlobalMethodSecurityConfiguration, method afterInvocationManager.

/**
 * Provide a custom {@link AfterInvocationManager} for the default implementation of
 * {@link #methodSecurityInterceptor()}. The default is null if pre post is not
 * enabled. Otherwise, it returns an {@link AfterInvocationProviderManager}.
 *
 * <p>
 * Subclasses should override this method to provide a custom
 * {@link AfterInvocationManager}
 * </p>
 *
 * @return the {@link AfterInvocationManager} to use, or null if pre post is not enabled
 */
protected AfterInvocationManager afterInvocationManager() {
    if (prePostEnabled()) {
        AfterInvocationProviderManager invocationProviderManager = new AfterInvocationProviderManager();
        ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(getExpressionHandler());
        PostInvocationAdviceProvider postInvocationAdviceProvider = new PostInvocationAdviceProvider(postAdvice);
        List<AfterInvocationProvider> afterInvocationProviders = new ArrayList<AfterInvocationProvider>();
        afterInvocationProviders.add(postInvocationAdviceProvider);
        invocationProviderManager.setProviders(afterInvocationProviders);
        return invocationProviderManager;
    }
    return null;
}
Also used: PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider), AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager), ArrayList (java.util.ArrayList), ExpressionBasedPostInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice), AfterInvocationProvider (org.springframework.security.access.AfterInvocationProvider)

Example 3 with PostInvocationAdviceProvider

Use of org.springframework.security.access.prepost.PostInvocationAdviceProvider in project spring-security by spring-projects.

Class GlobalMethodSecurityBeanDefinitionParserTests, method expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance.

// Expression configuration tests
@SuppressWarnings("unchecked")
@Test
public void expressionVoterAndAfterInvocationProviderUseSameExpressionHandlerInstance() throws Exception {
    setContext("<global-method-security pre-post-annotations='enabled'/>" + AUTH_PROVIDER_XML);
    AffirmativeBased adm = (AffirmativeBased) appContext.getBeansOfType(AffirmativeBased.class).values().toArray()[0];
    List voters = (List) FieldUtils.getFieldValue(adm, "decisionVoters");
    PreInvocationAuthorizationAdviceVoter mev = (PreInvocationAuthorizationAdviceVoter) voters.get(0);
    MethodSecurityMetadataSourceAdvisor msi = (MethodSecurityMetadataSourceAdvisor) appContext.getBeansOfType(MethodSecurityMetadataSourceAdvisor.class).values().toArray()[0];
    AfterInvocationProviderManager pm = (AfterInvocationProviderManager) ((MethodSecurityInterceptor) msi.getAdvice()).getAfterInvocationManager();
    PostInvocationAdviceProvider aip = (PostInvocationAdviceProvider) pm.getProviders().get(0);
    assertThat(FieldUtils.getFieldValue(mev, "preAdvice.expressionHandler")).isSameAs(FieldUtils.getFieldValue(aip, "postAdvice.expressionHandler"));
}
Also used: PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider), MethodSecurityMetadataSourceAdvisor (org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor), AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager), AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased), ArrayList (java.util.ArrayList), List (java.util.List), PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter), Test (org.junit.Test)

Aggregations

AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager): 3
PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider): 3
ArrayList (java.util.ArrayList): 2
ExpressionBasedPostInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice): 2
List (java.util.List): 1
Test (org.junit.Test): 1
AfterInvocationProvider (org.springframework.security.access.AfterInvocationProvider): 1
DefaultMethodSecurityExpressionHandler (org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler): 1
ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory): 1
MethodSecurityMetadataSourceAdvisor (org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor): 1
PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter): 1
PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource): 1
AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased): 1