Example usage for org.springframework.security.access.expression.method MethodSecurityExpressionHandler createEvaluationContext

List of usage examples for org.springframework.security.access.expression.method MethodSecurityExpressionHandler createEvaluationContext

Introduction

On this page you can find example usage for org.springframework.security.access.expression.method MethodSecurityExpressionHandler createEvaluationContext.

Prototype

EvaluationContext createEvaluationContext(Authentication authentication, T invocation);


Document

Provides an evaluation context in which to evaluate security expressions for the invocation type.

Usage

From source file:org.vaadin.addons.springsecurityviewprovider.SpringSecurityViewProvider.java

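/**
 * Builds a view provider that contains only the views the given authentication is allowed to see.
 *
 * <p>Every bean definition in the application context is inspected by type (not instantiated).
 * A bean class qualifies when it carries {@code ViewDescription} and implements {@code View}.
 * A qualifying view is registered when its {@code requiredPermissions()} is blank, or when that
 * value, parsed as a SpEL expression, evaluates to {@code true} in the evaluation context the
 * method security expression handler creates for {@code authentication}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A blank {@code requiredPermissions()} registers the view for every caller, so an omitted
 *       annotation attribute is an open default, not a denial.</li>
 *   <li>The expression text is read from an annotation and evaluated as SpEL; it must stay
 *       developer-authored and never be derived from request or user data.</li>
 *   <li>The decision is made once, against the {@code authentication} passed in. The returned
 *       provider presumably must not be shared between users or kept after the caller's
 *       authorities change (confirm against how callers store it).</li>
 *   <li>{@code authentication} is not null-checked here; behaviour for {@code null} depends on
 *       the expression handler.</li>
 * </ul>
 *
 * @param authentication the authentication the permission expressions are evaluated against
 * @param enableCaching  stored on the new provider's {@code enableCaching} field
 * @return the populated provider
 * @throws IllegalStateException if {@code getView(String)} cannot be resolved reflectively
 */
@SuppressWarnings("unchecked")
public final static ViewProvider createViewProvider(final Authentication authentication,
        Boolean enableCaching) {
    final SpringSecurityViewProvider springViewProvider = new SpringSecurityViewProvider();
    springViewProvider.enableCaching = enableCaching;

    // Read through the new instance; presumably a static or constructor-populated field (confirm).
    final ApplicationContext applicationContext = springViewProvider.applicationContext;

    // Retrieve the default SecurityExpressionHandler
    final MethodSecurityExpressionHandler securityExpressionHandler = applicationContext
            .getBean(DefaultMethodSecurityExpressionHandler.class);

    // The method used as the invocation target for the evaluation context
    // (per the original author, the method that is ultimately protected).
    final Method getViewMethod;
    try {
        getViewMethod = SpringSecurityViewProvider.class.getMethod("getView", String.class);
    } catch (NoSuchMethodException | SecurityException e) {
        // Previously swallowed, which returned a provider with no views and no diagnostic.
        // Surface it instead: without this method no permission check can be evaluated.
        throw new IllegalStateException(
                "Cannot resolve SpringSecurityViewProvider.getView(String)", e);
    }

    // A parser to evaluate the permission expressions.
    final SpelExpressionParser parser = new SpelExpressionParser();

    // Although beans can be retrieved by annotation, they are looked up by name
    // to avoid instantiating them.
    for (String beanName : applicationContext.getBeanDefinitionNames()) {
        final Class<?> beanClass = applicationContext.getType(beanName);
        // getType returns null when the bean's type cannot be determined; such a bean
        // cannot be a described view, so skip it rather than fail with a NullPointerException.
        if (beanClass == null
                || !beanClass.isAnnotationPresent(ViewDescription.class)
                || !View.class.isAssignableFrom(beanClass)) {
            continue;
        }

        final ViewDescription viewDescription = beanClass.getAnnotation(ViewDescription.class);
        final String requiredPermissions = viewDescription.requiredPermissions();

        // Blank means "no special permissions": the view is added for every caller.
        boolean permitted = StringUtils.isBlank(requiredPermissions);
        if (!permitted) {
            // This is borrowed from the code in
            // org.springframework.security.access.prepost.PreAuthorize
            final EvaluationContext evaluationContext = securityExpressionHandler
                    .createEvaluationContext(authentication, new SimpleMethodInvocation(
                            springViewProvider, getViewMethod, viewDescription.name()));
            permitted = ExpressionUtils.evaluateAsBoolean(
                    parser.parseExpression(requiredPermissions), evaluationContext);
        }

        // Only add the view to the provider if it is unrestricted or the expression held.
        if (permitted) {
            springViewProvider.views.put(viewDescription.name(), (Class<? extends View>) beanClass);
        }
    }

    return springViewProvider;
}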