Example usage for org.springframework.security.util SimpleMethodInvocation SimpleMethodInvocation

List of usage examples for org.springframework.security.util SimpleMethodInvocation SimpleMethodInvocation

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.util.*
  5. SimpleMethodInvocation
  6. SimpleMethodInvocation

Introduction

In this page you can find the example usage for org.springframework.security.util SimpleMethodInvocation SimpleMethodInvocation.

Prototype

public SimpleMethodInvocation(Object targetObject, Method method, Object... arguments)

Source Link

Usage

From source file:org.vaadin.addons.springsecurityviewprovider.SpringSecurityViewProvider.java

@SuppressWarnings("unchecked")
public final static ViewProvider createViewProvider(final Authentication authentication,
        Boolean enableCaching) {/* w  w  w.j a  v a2 s .c  om*/
    final SpringSecurityViewProvider springViewProvider = new SpringSecurityViewProvider();
    springViewProvider.enableCaching = enableCaching;

    try {
        final ApplicationContext applicationContext = springViewProvider.applicationContext;

        // Retrieve the default SecurityExpressionHandler 
        final MethodSecurityExpressionHandler securityExpressionHandler = applicationContext
                .getBean(DefaultMethodSecurityExpressionHandler.class);
        // The method that is protected in the end
        final Method getViewMethod = SpringSecurityViewProvider.class.getMethod("getView", String.class);
        // A parser to evaluate parse the permissions.
        final SpelExpressionParser parser = new SpelExpressionParser();

        // Although beans can be retrieved by annotation they must be retrieved by name
        // to avoid instanciating them
        for (String beanName : applicationContext.getBeanDefinitionNames()) {
            final Class<?> beanClass = applicationContext.getType(beanName);
            // only work with Views that are described by our specialed Description
            if (beanClass.isAnnotationPresent(ViewDescription.class)
                    && View.class.isAssignableFrom(beanClass)) {
                final ViewDescription viewDescription = beanClass.getAnnotation(ViewDescription.class);
                // requires no special permissions and can be immediatly added
                if (StringUtils.isBlank(viewDescription.requiredPermissions())) {
                    springViewProvider.views.put(viewDescription.name(), (Class<? extends View>) beanClass);
                }
                // requires permissions
                else {
                    // this is actually borrowed from the code in org.springframework.security.access.prepost.PreAuthorize
                    final EvaluationContext evaluationContext = securityExpressionHandler
                            .createEvaluationContext(authentication, new SimpleMethodInvocation(
                                    springViewProvider, getViewMethod, viewDescription.name()));
                    // only add the view to my provider if the permissions evaluate to true                  
                    if (ExpressionUtils.evaluateAsBoolean(
                            parser.parseExpression(viewDescription.requiredPermissions()), evaluationContext))
                        springViewProvider.views.put(viewDescription.name(), (Class<? extends View>) beanClass);
                }
            }
        }
    } catch (NoSuchMethodException | SecurityException e) {
        // Won't happen
    }

    return springViewProvider;
}