List of usage examples for org.springframework.security.util SimpleMethodInvocation SimpleMethodInvocation
public SimpleMethodInvocation(Object targetObject, Method method, Object... arguments)
From source file:org.vaadin.addons.springsecurityviewprovider.SpringSecurityViewProvider.java
@SuppressWarnings("unchecked") public final static ViewProvider createViewProvider(final Authentication authentication, Boolean enableCaching) {/* w w w.j a v a2 s .c om*/ final SpringSecurityViewProvider springViewProvider = new SpringSecurityViewProvider(); springViewProvider.enableCaching = enableCaching; try { final ApplicationContext applicationContext = springViewProvider.applicationContext; // Retrieve the default SecurityExpressionHandler final MethodSecurityExpressionHandler securityExpressionHandler = applicationContext .getBean(DefaultMethodSecurityExpressionHandler.class); // The method that is protected in the end final Method getViewMethod = SpringSecurityViewProvider.class.getMethod("getView", String.class); // A parser to evaluate parse the permissions. final SpelExpressionParser parser = new SpelExpressionParser(); // Although beans can be retrieved by annotation they must be retrieved by name // to avoid instanciating them for (String beanName : applicationContext.getBeanDefinitionNames()) { final Class<?> beanClass = applicationContext.getType(beanName); // only work with Views that are described by our specialed Description if (beanClass.isAnnotationPresent(ViewDescription.class) && View.class.isAssignableFrom(beanClass)) { final ViewDescription viewDescription = beanClass.getAnnotation(ViewDescription.class); // requires no special permissions and can be immediatly added if (StringUtils.isBlank(viewDescription.requiredPermissions())) { springViewProvider.views.put(viewDescription.name(), (Class<? extends View>) beanClass); } // requires permissions else { // this is actually borrowed from the code in org.springframework.security.access.prepost.PreAuthorize final EvaluationContext evaluationContext = securityExpressionHandler .createEvaluationContext(authentication, new SimpleMethodInvocation( springViewProvider, getViewMethod, viewDescription.name())); // only add the view to my provider if the permissions evaluate to true if (ExpressionUtils.evaluateAsBoolean( parser.parseExpression(viewDescription.requiredPermissions()), evaluationContext)) springViewProvider.views.put(viewDescription.name(), (Class<? extends View>) beanClass); } } } } catch (NoSuchMethodException | SecurityException e) { // Won't happen } return springViewProvider; }