Example 1 with CurrentSecurityContext
use of org.springframework.security.core.annotation.CurrentSecurityContext in project spring-security by spring-projects.
the class CurrentSecurityContextArgumentResolver method resolveArgument.
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
SecurityContext securityContext = SecurityContextHolder.getContext();
if (securityContext == null) {
return null;
}
Object securityContextResult = securityContext;
CurrentSecurityContext annotation = findMethodAnnotation(CurrentSecurityContext.class, parameter);
String expressionToParse = annotation.expression();
if (StringUtils.hasLength(expressionToParse)) {
StandardEvaluationContext context = new StandardEvaluationContext();
context.setRootObject(securityContext);
context.setVariable("this", securityContext);
context.setBeanResolver(this.beanResolver);
Expression expression = this.parser.parseExpression(expressionToParse);
securityContextResult = expression.getValue(context);
}
if (securityContextResult != null && !parameter.getParameterType().isAssignableFrom(securityContextResult.getClass())) {
if (annotation.errorOnInvalidType()) {
throw new ClassCastException(securityContextResult + " is not assignable to " + parameter.getParameterType());
}
return null;
}
return securityContextResult;
}
Also used :
CurrentSecurityContext(org.springframework.security.core.annotation.CurrentSecurityContext)
StandardEvaluationContext(org.springframework.expression.spel.support.StandardEvaluationContext)
Expression(org.springframework.expression.Expression)
CurrentSecurityContext(org.springframework.security.core.annotation.CurrentSecurityContext)
SecurityContext(org.springframework.security.core.context.SecurityContext)
Example 2 with CurrentSecurityContext
use of org.springframework.security.core.annotation.CurrentSecurityContext in project spring-security by spring-projects.
the class CurrentSecurityContextArgumentResolver method resolveSecurityContext.
/**
* resolve the expression from {@link CurrentSecurityContext} annotation to get the
* value.
* @param parameter the method parameter.
* @param securityContext the security context.
* @return the resolved object from expression.
*/
private Object resolveSecurityContext(MethodParameter parameter, SecurityContext securityContext) {
CurrentSecurityContext annotation = findMethodAnnotation(CurrentSecurityContext.class, parameter);
Object securityContextResult = securityContext;
String expressionToParse = annotation.expression();
if (StringUtils.hasLength(expressionToParse)) {
StandardEvaluationContext context = new StandardEvaluationContext();
context.setRootObject(securityContext);
context.setVariable("this", securityContext);
context.setBeanResolver(this.beanResolver);
Expression expression = this.parser.parseExpression(expressionToParse);
securityContextResult = expression.getValue(context);
}
if (isInvalidType(parameter, securityContextResult)) {
if (annotation.errorOnInvalidType()) {
throw new ClassCastException(securityContextResult + " is not assignable to " + parameter.getParameterType());
}
return null;
}
return securityContextResult;
}
Also used :
CurrentSecurityContext(org.springframework.security.core.annotation.CurrentSecurityContext)
StandardEvaluationContext(org.springframework.expression.spel.support.StandardEvaluationContext)
Expression(org.springframework.expression.Expression)
Example 3 with CurrentSecurityContext
use of org.springframework.security.core.annotation.CurrentSecurityContext in project spring-security by spring-projects.
the class CurrentSecurityContextArgumentResolver method resolveSecurityContext.
private Object resolveSecurityContext(MethodParameter parameter, Object securityContext) {
CurrentSecurityContext contextAnno = findMethodAnnotation(CurrentSecurityContext.class, parameter);
String expressionToParse = contextAnno.expression();
if (StringUtils.hasLength(expressionToParse)) {
StandardEvaluationContext context = new StandardEvaluationContext();
context.setRootObject(securityContext);
context.setVariable("this", securityContext);
context.setBeanResolver(this.beanResolver);
Expression expression = this.parser.parseExpression(expressionToParse);
securityContext = expression.getValue(context);
}
if (isInvalidType(parameter, securityContext)) {
if (contextAnno.errorOnInvalidType()) {
throw new ClassCastException(securityContext + " is not assignable to " + parameter.getParameterType());
}
return null;
}
return securityContext;
}
Also used :
CurrentSecurityContext(org.springframework.security.core.annotation.CurrentSecurityContext)
StandardEvaluationContext(org.springframework.expression.spel.support.StandardEvaluationContext)
Expression(org.springframework.expression.Expression)
Aggregations
Expression (org.springframework.expression.Expression)3
StandardEvaluationContext (org.springframework.expression.spel.support.StandardEvaluationContext)3
CurrentSecurityContext (org.springframework.security.core.annotation.CurrentSecurityContext)3
SecurityContext (org.springframework.security.core.context.SecurityContext)1
