Search in sources :

Example 1 with DefaultMessageSecurityMetadataSource

use of org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource in project spring-security by spring-projects.

the class ExpressionBasedMessageSecurityMetadataSourceFactory method createExpressionMessageMetadataSource.

/**
	 * Create a {@link MessageSecurityMetadataSource} that uses {@link MessageMatcher}
	 * mapped to Spring Expressions. Each entry is considered in order and only the first
	 * match is used.
	 *
	 * For example:
	 *
	 * <pre>
	 *     LinkedHashMap&lt;MessageMatcher&lt;?&gt;,String&gt; matcherToExpression = new LinkedHashMap&lt;MessageMatcher&lt;Object&gt;,String&gt;();
	 *     matcherToExpression.put(new SimDestinationMessageMatcher("/public/**"), "permitAll");
	 *     matcherToExpression.put(new SimDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')");
	 *     matcherToExpression.put(new SimDestinationMessageMatcher("/**"), "authenticated");
	 *
	 *     MessageSecurityMetadataSource metadataSource = createExpressionMessageMetadataSource(matcherToExpression);
	 * </pre>
	 *
	 * <p>
	 * If our destination is "/public/hello", it would match on "/public/**" and on "/**".
	 * However, only "/public/**" would be used since it is the first entry. That means
	 * that a destination of "/public/hello" will be mapped to "permitAll".
	 * </p>
	 *
	 * <p>
	 * For a complete listing of expressions see {@link MessageSecurityExpressionRoot}
	 * </p>
	 *
	 * @param matcherToExpression an ordered mapping of {@link MessageMatcher} to Strings
	 * that are turned into an Expression using
	 * {@link DefaultMessageSecurityExpressionHandler#getExpressionParser()}
	 * @param handler the {@link SecurityExpressionHandler} to use
	 * @return the {@link MessageSecurityMetadataSource} to use. Cannot be null.
	 */
public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String> matcherToExpression, SecurityExpressionHandler<Message<Object>> handler) {
    LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>> matcherToAttrs = new LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>>();
    for (Map.Entry<MessageMatcher<?>, String> entry : matcherToExpression.entrySet()) {
        MessageMatcher<?> matcher = entry.getKey();
        String rawExpression = entry.getValue();
        Expression expression = handler.getExpressionParser().parseExpression(rawExpression);
        ConfigAttribute attribute = new MessageExpressionConfigAttribute(expression);
        matcherToAttrs.put(matcher, Arrays.asList(attribute));
    }
    return new DefaultMessageSecurityMetadataSource(matcherToAttrs);
}
Also used : MessageMatcher(org.springframework.security.messaging.util.matcher.MessageMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) Expression(org.springframework.expression.Expression) Collection(java.util.Collection) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) DefaultMessageSecurityMetadataSource(org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource) LinkedHashMap(java.util.LinkedHashMap)

Aggregations

Collection (java.util.Collection)1 LinkedHashMap (java.util.LinkedHashMap)1 Map (java.util.Map)1 Expression (org.springframework.expression.Expression)1 ConfigAttribute (org.springframework.security.access.ConfigAttribute)1 DefaultMessageSecurityMetadataSource (org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource)1 MessageMatcher (org.springframework.security.messaging.util.matcher.MessageMatcher)1