Example usage for org.springframework.security.access.expression.method ExpressionBasedAnnotationAttributeFactory ExpressionBasedAnnotationAttributeFactory

List of usage examples for org.springframework.security.access.expression.method ExpressionBasedAnnotationAttributeFactory ExpressionBasedAnnotationAttributeFactory

Introduction

This page collects example usages of the org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory constructor.

Prototype

public ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpressionHandler handler) 


Usage

From source file:org.vaadin.spring.security.provider.PreAuthorizeViewProviderAccessDelegate.java

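/**
 * Decides whether the current user may access the view bean named {@code beanName},
 * based on a {@link PreAuthorize} annotation found on that bean.
 *
 * <p>Outcomes, as implemented below:
 * <ul>
 *   <li>no {@code @PreAuthorize} on the bean: access is granted;</li>
 *   <li>annotation present and an access decision manager is available: the annotation's
 *       expression is turned into a pre-invocation attribute and handed to the manager;
 *       access is granted unless the manager throws;</li>
 *   <li>annotation present but no access decision manager: access is granted (fail-open).</li>
 * </ul>
 *
 * @param ui the UI requesting access (not read by this method)
 * @param beanName name of the view bean in the application context
 * @return {@code true} if access is granted, {@code false} if the access decision manager
 *         rejected the request
 */
@Override
public boolean isAccessGranted(UI ui, String beanName) {

    PreAuthorize viewSecured = applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class);

    if (viewSecured == null) {
        // Unannotated views are treated as public.
        return true;
    } else if (security.hasAccessDecisionManager()) {

        // Resolve the target class once and reuse it. The earlier form looked the bean up twice;
        // for a non-singleton scope that presumably means two instances - verify against the
        // scopes used for views.
        final Class<?> targetClass = AopUtils.getTargetClass(applicationContext.getBean(beanName));
        // getMethod also acts as a check that the view really declares enter(ViewChangeEvent).
        final Method method = ClassUtils.getMethod(targetClass, "enter",
                com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class);
        final MethodInvocation methodInvocation = MethodInvocationUtils.createFromClass(targetClass,
                method.getName());

        // NOTE(review): getAuthentication() may be null when nobody is logged in; how decide()
        // reacts to that depends on the configured manager and its voters - confirm.
        final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        final AccessDecisionManager accessDecisionManager = security.getAccessDecisionManager();
        final ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(
                new DefaultMethodSecurityExpressionHandler());

        // Only the authorize expression is supplied; the two filter arguments are left null.
        Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
        attributes.add(attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value()));

        try {
            accessDecisionManager.decide(authentication, methodInvocation, attributes);
            return true;
        } catch (InsufficientAuthenticationException e) {
            // Expected outcome, not an error: the manager signals denial by throwing.
            return false;
        } catch (AccessDeniedException e) {
            return false;
        }

    } else {
        // NOTE(review): fail-open. A view that declares @PreAuthorize is still granted when no
        // access decision manager is configured, and nothing is logged here, so a
        // misconfiguration silently disables the check. Confirm this is intended; failing
        // closed (or at least logging a warning) is the safer default.
        return true; // Access decision manager required for @PreAuthorize()
    }

}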

From source file:org.vaadin.spring.security.navigation.PreAuthorizeViewInstanceAccessControl.java

/**
 * Checks a view instance against the {@link PreAuthorize} annotation on its bean.
 *
 * <p>Access is granted when the bean carries no {@code @PreAuthorize}, when the access
 * decision manager accepts the annotation's expression, and also (with a warning in the log)
 * when the annotation is present but no access decision manager is available. It is refused
 * only when the manager throws {@link InsufficientAuthenticationException} or
 * {@link AccessDeniedException}.
 *
 * @param ui the UI requesting access (not read by this method)
 * @param beanName name of the view bean, used for the annotation lookup and in log messages
 * @param view the view instance whose target class is inspected
 * @return {@code true} if access is granted, {@code false} if the manager rejected it
 */
@Override
public boolean isAccessGranted(UI ui, String beanName, View view) {
    final PreAuthorize annotation = applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class);
    if (annotation == null) {
        logger.trace("No @PreAuthorize annotation found on view {}. Granting access.", beanName);
        return true;
    }

    if (!security.hasAccessDecisionManager()) {
        // NOTE(review): fail-open by design here - the annotated view is still granted, and the
        // warning below is the only trace of it. Worth alerting on this message in deployments
        // that rely on @PreAuthorize for view protection.
        logger.warn(
                "Found view {} annotated with @PreAuthorize but no access decision manager. Granting access.",
                beanName);
        return true;
    }

    final Class<?> viewClass = AopUtils.getTargetClass(view);
    // The lookup also fails early if the view class has no enter(ViewChangeEvent) method.
    final String enterMethodName = ClassUtils.getMethod(viewClass, "enter",
            com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class).getName();
    final MethodInvocation invocation = MethodInvocationUtils.createFromClass(viewClass, enterMethodName);

    final Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
    final AccessDecisionManager decisionManager = security.getAccessDecisionManager();
    final ExpressionBasedAnnotationAttributeFactory factory = new ExpressionBasedAnnotationAttributeFactory(
            new DefaultMethodSecurityExpressionHandler());

    // Only the authorize expression is supplied; the two filter arguments are left null.
    final Collection<ConfigAttribute> configAttributes = Collections.<ConfigAttribute>singleton(
            factory.createPreInvocationAttribute(null, null, annotation.value()));

    try {
        decisionManager.decide(currentAuthentication, invocation, configAttributes);
    } catch (AccessDeniedException denied) {
        logger.trace("Access to view {} was denied", beanName);
        return false;
    } catch (InsufficientAuthenticationException insufficient) {
        logger.trace("Access to view {} was denied because of insufficient authentication credentials",
                beanName);
        return false;
    }

    logger.trace("Access to view {} was granted by access decision manager", beanName);
    return true;
}

From source file:org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.java

/**
 * Provides the default {@link MethodSecurityMetadataSource} that will be used. It
 * creates a {@link DelegatingMethodSecurityMetadataSource} based upon
 * {@link #customMethodSecurityMetadataSource()} and the attributes on
 * {@link EnableGlobalMethodSecurity}.
 *
 * @return the {@link MethodSecurityMetadataSource}
 */
@Bean
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
    // The expression handler is obtained first, before any other hook is called.
    ExpressionBasedAnnotationAttributeFactory prePostAttributeFactory =
            new ExpressionBasedAnnotationAttributeFactory(getExpressionHandler());
    List<MethodSecurityMetadataSource> delegates = new ArrayList<>();

    // An optional user-supplied source goes first in the delegate list.
    MethodSecurityMetadataSource customSource = customMethodSecurityMetadataSource();
    boolean customPresent = customSource != null;
    if (customPresent) {
        delegates.add(customSource);
    }

    boolean prePost = prePostEnabled();
    boolean secured = securedEnabled();
    boolean jsr250 = jsr250Enabled();

    // Refuse to build a configuration in which no annotation support is active at all.
    boolean anySourceActive = prePost || secured || jsr250 || customPresent;
    if (!anySourceActive) {
        throw new IllegalStateException("In the composition of all global method configuration, "
                + "no annotation support was actually activated");
    }

    if (prePost) {
        delegates.add(new PrePostAnnotationSecurityMetadataSource(prePostAttributeFactory));
    }
    if (secured) {
        delegates.add(new SecuredAnnotationSecurityMetadataSource());
    }
    if (jsr250) {
        GrantedAuthorityDefaults authorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
        Jsr250MethodSecurityMetadataSource jsr250Source =
                this.context.getBean(Jsr250MethodSecurityMetadataSource.class);
        // The role prefix is overridden only when a GrantedAuthorityDefaults bean was found.
        if (authorityDefaults != null) {
            jsr250Source.setDefaultRolePrefix(authorityDefaults.getRolePrefix());
        }
        delegates.add(jsr250Source);
    }

    return new DelegatingMethodSecurityMetadataSource(delegates);
}