GlobalMethodSecurityConfiguration (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.method.configuration
Class GlobalMethodSecurityConfiguration

java.lang.Object
  org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

All Implemented Interfaces:: Aware, ImportAware

@Configuration public class GlobalMethodSecurityConfiguration
extends Object
implements ImportAware
extends Object
implements ImportAware

Base Configuration for enabling global method security. Classes may extend this class to customize the defaults, but must be sure to specify the EnableGlobalMethodSecurity annotation on the subclass.

Since:: 3.2
See Also:: EnableGlobalMethodSecurity

Constructor Summary
`GlobalMethodSecurityConfiguration()`

Method Summary
`protected AccessDecisionManager`	`accessDecisionManager()` Allows subclasses to provide a custom `AccessDecisionManager`.
`protected AfterInvocationManager`	`afterInvocationManager()` Provide a custom `AfterInvocationManager` for the default implementation of `methodSecurityInterceptor()`.
`protected AuthenticationManager`	`authenticationManager()` Allows providing a custom `AuthenticationManager`.
`protected MethodSecurityMetadataSource`	`customMethodSecurityMetadataSource()` Provides a custom `MethodSecurityMetadataSource` that is registered with the `methodSecurityMetadataSource()`.
`protected MethodSecurityExpressionHandler`	`expressionHandler()` Provide a `MethodSecurityExpressionHandler` that is registered with the `ExpressionBasedPreInvocationAdvice`.
`protected MethodSecurityExpressionHandler`	`getExpressionHandler()` Gets the `MethodSecurityExpressionHandler` or creates it using `expressionHandler`.
`MethodSecurityMetadataSourceAdvisor`	`metaDataSourceAdvisor()` Obtains the `MethodSecurityMetadataSourceAdvisor` to be used.
`MethodSecurityExpressionHandler`	`methodExpressionHandler()` Creates the `MethodSecurityExpressionHandler` to be used.
`org.aopalliance.intercept.MethodInterceptor`	`methodSecurityInterceptor()` Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.
`MethodSecurityMetadataSource`	`methodSecurityMetadataSource()` Provides the default `MethodSecurityMetadataSource` that will be used.
`PreInvocationAuthorizationAdvice`	`preInvocationAuthorizationAdvice()` Creates the `PreInvocationAuthorizationAdvice` to be used.
`protected void`	`registerAuthentication(AuthenticationManagerBuilder auth)` Sub classes can override this method to register different types of authentication.
`protected RunAsManager`	`runAsManager()` Provide a custom `RunAsManager` for the default implementation of `methodSecurityInterceptor()`.
`void`	`setApplicationContext(ApplicationContext context)`
`void`	`setImportMetadata(AnnotationMetadata importMetadata)` Obtains the attributes from `EnableGlobalMethodSecurity` if this class was imported using the `EnableGlobalMethodSecurity` annotation.
`void`	`setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

GlobalMethodSecurityConfiguration

public GlobalMethodSecurityConfiguration()

Method Detail

methodSecurityInterceptor

@Bean
public org.aopalliance.intercept.MethodInterceptor methodSecurityInterceptor()
                                                                      throws Exception

Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.

Subclasses can override this method to provide a different MethodInterceptor.

Returns:
Throws:: Exception

afterInvocationManager

protected AfterInvocationManager afterInvocationManager()

Provide a custom AfterInvocationManager for the default implementation of methodSecurityInterceptor(). The default is null if pre post is not enabled. Otherwise, it returns a AfterInvocationProviderManager.

Subclasses should override this method to provide a custom AfterInvocationManager

Returns:

runAsManager

protected RunAsManager runAsManager()

Provide a custom RunAsManager for the default implementation of methodSecurityInterceptor(). The default is null.

Returns:

accessDecisionManager

protected AccessDecisionManager accessDecisionManager()

Allows subclasses to provide a custom AccessDecisionManager. The default is a AffirmativeBased with the following voters:

Returns:

expressionHandler

protected MethodSecurityExpressionHandler expressionHandler()

Provide a MethodSecurityExpressionHandler that is registered with the ExpressionBasedPreInvocationAdvice. The default is DefaultMethodSecurityExpressionHandler

Subclasses may override this method to provide a custom MethodSecurityExpressionHandler

Returns:

getExpressionHandler

protected final MethodSecurityExpressionHandler getExpressionHandler()

Gets the MethodSecurityExpressionHandler or creates it using expressionHandler.

Returns:: a non null MethodSecurityExpressionHandler

customMethodSecurityMetadataSource

protected MethodSecurityMetadataSource customMethodSecurityMetadataSource()

Provides a custom MethodSecurityMetadataSource that is registered with the methodSecurityMetadataSource(). Default is null.

Returns:: a custom MethodSecurityMetadataSource that is registered with the methodSecurityMetadataSource()

authenticationManager

protected AuthenticationManager authenticationManager()
                                               throws Exception

Allows providing a custom AuthenticationManager. The default is to use any authentication mechanisms registered by registerAuthentication(AuthenticationManagerBuilder). If registerAuthentication(AuthenticationManagerBuilder) was not overriden, then an AuthenticationManager is attempted to be autowired by type.

Returns:
Throws:: Exception

registerAuthentication

protected void registerAuthentication(AuthenticationManagerBuilder auth)
                               throws Exception

Sub classes can override this method to register different types of authentication. If not overridden, registerAuthentication(AuthenticationManagerBuilder) will attempt to autowire by type.

Parameters:: auth - the AuthenticationManagerBuilder used to register different authentication mechanisms for the global method security.
Throws:: Exception

methodSecurityMetadataSource

@Bean
public MethodSecurityMetadataSource methodSecurityMetadataSource()

Provides the default MethodSecurityMetadataSource that will be used. It creates a DelegatingMethodSecurityMetadataSource based upon customMethodSecurityMetadataSource() and the attributes on EnableGlobalMethodSecurity.

Returns:

methodExpressionHandler

@Bean
public MethodSecurityExpressionHandler methodExpressionHandler()

Creates the MethodSecurityExpressionHandler to be used.

Returns:

preInvocationAuthorizationAdvice

@Bean
public PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice()

Creates the PreInvocationAuthorizationAdvice to be used. The default is ExpressionBasedPreInvocationAdvice.

Returns:

metaDataSourceAdvisor

@Role(value=2)
@Bean
public MethodSecurityMetadataSourceAdvisor metaDataSourceAdvisor()

Obtains the MethodSecurityMetadataSourceAdvisor to be used.

Returns:

setImportMetadata

public final void setImportMetadata(AnnotationMetadata importMetadata)

Obtains the attributes from EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.

Specified by:: setImportMetadata in interface ImportAware

setApplicationContext

@Autowired
public void setApplicationContext(ApplicationContext context)

setObjectPostProcessor

@Autowired(required=false)
public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor)