use of org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource in project spring-security by spring-projects.
the class ExpressionBasedMessageSecurityMetadataSourceFactory method createExpressionMessageMetadataSource.
/**
* Create a {@link MessageSecurityMetadataSource} that uses {@link MessageMatcher}
* mapped to Spring Expressions. Each entry is considered in order and only the first
* match is used.
*
* For example:
*
* <pre>
* LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>,String>();
* matcherToExpression.put(new SimDestinationMessageMatcher("/public/**"), "permitAll");
* matcherToExpression.put(new SimDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')");
* matcherToExpression.put(new SimDestinationMessageMatcher("/**"), "authenticated");
*
* MessageSecurityMetadataSource metadataSource = createExpressionMessageMetadataSource(matcherToExpression);
* </pre>
*
* <p>
* If our destination is "/public/hello", it would match on "/public/**" and on "/**".
* However, only "/public/**" would be used since it is the first entry. That means
* that a destination of "/public/hello" will be mapped to "permitAll".
* </p>
*
* <p>
* For a complete listing of expressions see {@link MessageSecurityExpressionRoot}
* </p>
*
* @param matcherToExpression an ordered mapping of {@link MessageMatcher} to Strings
* that are turned into an Expression using
* {@link DefaultMessageSecurityExpressionHandler#getExpressionParser()}
* @param handler the {@link SecurityExpressionHandler} to use
* @return the {@link MessageSecurityMetadataSource} to use. Cannot be null.
*/
public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String> matcherToExpression, SecurityExpressionHandler<Message<Object>> handler) {
LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>> matcherToAttrs = new LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>>();
for (Map.Entry<MessageMatcher<?>, String> entry : matcherToExpression.entrySet()) {
MessageMatcher<?> matcher = entry.getKey();
String rawExpression = entry.getValue();
Expression expression = handler.getExpressionParser().parseExpression(rawExpression);
ConfigAttribute attribute = new MessageExpressionConfigAttribute(expression);
matcherToAttrs.put(matcher, Arrays.asList(attribute));
}
return new DefaultMessageSecurityMetadataSource(matcherToAttrs);
}
Aggregations