Example 1 with PrePostAnnotationSecurityMetadataSource
use of org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource in project spring-security by spring-projects.
the class PrePostSecured method configureForElAnnotations.
private void configureForElAnnotations() {
DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
interceptor.setSecurityMetadataSource(new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(eh)));
interceptor.setAccessDecisionManager(adm);
AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
interceptor.setAfterInvocationManager(aim);
}
Also used :
PostInvocationAdviceProvider(org.springframework.security.access.prepost.PostInvocationAdviceProvider)
AfterInvocationProviderManager(org.springframework.security.access.intercept.AfterInvocationProviderManager)
ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)
ExpressionBasedPostInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice)
DefaultMethodSecurityExpressionHandler(org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Example 2 with PrePostAnnotationSecurityMetadataSource
use of org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource in project spring-security by spring-projects.
the class AnnotationSecurityAspectTests method configureForElAnnotations.
private void configureForElAnnotations() {
DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
this.interceptor.setSecurityMetadataSource(new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(eh)));
this.interceptor.setAccessDecisionManager(this.adm);
AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
this.interceptor.setAfterInvocationManager(aim);
}
Also used :
PostInvocationAdviceProvider(org.springframework.security.access.prepost.PostInvocationAdviceProvider)
AfterInvocationProviderManager(org.springframework.security.access.intercept.AfterInvocationProviderManager)
ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)
ExpressionBasedPostInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice)
DefaultMethodSecurityExpressionHandler(org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Example 3 with PrePostAnnotationSecurityMetadataSource
use of org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method methodSecurityMetadataSource.
/**
* Provides the default {@link MethodSecurityMetadataSource} that will be used. It
* creates a {@link DelegatingMethodSecurityMetadataSource} based upon
* {@link #customMethodSecurityMetadataSource()} and the attributes on
* {@link EnableGlobalMethodSecurity}.
* @return the {@link MethodSecurityMetadataSource}
*/
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
List<MethodSecurityMetadataSource> sources = new ArrayList<>();
ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(getExpressionHandler());
MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
if (customMethodSecurityMetadataSource != null) {
sources.add(customMethodSecurityMetadataSource);
}
boolean hasCustom = customMethodSecurityMetadataSource != null;
boolean isPrePostEnabled = prePostEnabled();
boolean isSecuredEnabled = securedEnabled();
boolean isJsr250Enabled = jsr250Enabled();
Assert.state(isPrePostEnabled || isSecuredEnabled || isJsr250Enabled || hasCustom, "In the composition of all global method configuration, " + "no annotation support was actually activated");
if (isPrePostEnabled) {
sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
}
if (isSecuredEnabled) {
sources.add(new SecuredAnnotationSecurityMetadataSource());
}
if (isJsr250Enabled) {
GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource = this.context.getBean(Jsr250MethodSecurityMetadataSource.class);
if (grantedAuthorityDefaults != null) {
jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
}
sources.add(jsr250MethodSecurityMetadataSource);
}
return new DelegatingMethodSecurityMetadataSource(sources);
}
Also used :
SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)
ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)
GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
ArrayList(java.util.ArrayList)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Role(org.springframework.context.annotation.Role)
Bean(org.springframework.context.annotation.Bean)
Example 4 with PrePostAnnotationSecurityMetadataSource
use of org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource in project spring-security by spring-projects.
the class ReactiveMethodSecurityConfiguration method methodMetadataSource.
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
DelegatingMethodSecurityMetadataSource methodMetadataSource(MethodSecurityExpressionHandler methodSecurityExpressionHandler) {
ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(methodSecurityExpressionHandler);
PrePostAnnotationSecurityMetadataSource prePostSource = new PrePostAnnotationSecurityMetadataSource(attributeFactory);
return new DelegatingMethodSecurityMetadataSource(Arrays.asList(prePostSource));
}
Also used :
ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Role(org.springframework.context.annotation.Role)
Bean(org.springframework.context.annotation.Bean)
Aggregations
ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)4
PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)4
Bean (org.springframework.context.annotation.Bean)2
Role (org.springframework.context.annotation.Role)2
DefaultMethodSecurityExpressionHandler (org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler)2
ExpressionBasedPostInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice)2
AfterInvocationProviderManager (org.springframework.security.access.intercept.AfterInvocationProviderManager)2
DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)2
PostInvocationAdviceProvider (org.springframework.security.access.prepost.PostInvocationAdviceProvider)2
ArrayList (java.util.ArrayList)1
Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)1
SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)1
MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)1
GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)1
