Class SecurityFlowExecutionListener
java.lang.Object
org.springframework.webflow.security.SecurityFlowExecutionListener
- All Implemented Interfaces:
FlowExecutionListener
Flow security integration with Spring Security
- Author:
- Scott Andrews
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected void
decide
(SecurityRule rule, Object object) Performs a Spring Security authorization decision.org.springframework.security.access.AccessDecisionManager
Get the access decision manager that makes flow authorization decisions.protected Collection<org.springframework.security.access.ConfigAttribute>
Convert SecurityRule into a form understood by Spring Securityvoid
sessionCreating
(RequestContext context, FlowDefinition definition) Called to indicate a new flow definition session is about to be created.void
setAccessDecisionManager
(org.springframework.security.access.AccessDecisionManager accessDecisionManager) Set the access decision manager that makes flow authorization decisions.void
stateEntering
(RequestContext context, StateDefinition state) Called when a state transitions, after the transition is matched but before the transition occurs.void
transitionExecuting
(RequestContext context, TransitionDefinition transition) Called when a transition is matched but before the transition occurs.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.springframework.webflow.execution.FlowExecutionListener
eventSignaled, exceptionThrown, paused, requestProcessed, requestSubmitted, resuming, sessionEnded, sessionEnding, sessionStarted, sessionStarting, stateEntered, viewRendered, viewRendering
-
Constructor Details
-
SecurityFlowExecutionListener
public SecurityFlowExecutionListener()
-
-
Method Details
-
getAccessDecisionManager
public org.springframework.security.access.AccessDecisionManager getAccessDecisionManager()Get the access decision manager that makes flow authorization decisions.- Returns:
- the decision manager
-
setAccessDecisionManager
public void setAccessDecisionManager(org.springframework.security.access.AccessDecisionManager accessDecisionManager) Set the access decision manager that makes flow authorization decisions.- Parameters:
accessDecisionManager
- the decision manager to user
-
sessionCreating
Description copied from interface:FlowExecutionListener
Called to indicate a new flow definition session is about to be created. Called before the session is created. An exception may be thrown from this method to veto the start operation. Any type of runtime exception can be used for this purpose.- Specified by:
sessionCreating
in interfaceFlowExecutionListener
- Parameters:
context
- the current flow request contextdefinition
- the flow for which a new session is starting
-
stateEntering
public void stateEntering(RequestContext context, StateDefinition state) throws EnterStateVetoException Description copied from interface:FlowExecutionListener
Called when a state transitions, after the transition is matched but before the transition occurs.- Specified by:
stateEntering
in interfaceFlowExecutionListener
- Parameters:
context
- the current flow request contextstate
- the proposed state to transition to- Throws:
EnterStateVetoException
- when entering the state is not allowed
-
transitionExecuting
Description copied from interface:FlowExecutionListener
Called when a transition is matched but before the transition occurs.- Specified by:
transitionExecuting
in interfaceFlowExecutionListener
- Parameters:
context
- the current flow request contexttransition
- the proposed transition
-
decide
Performs a Spring Security authorization decision. Decision will use the provided AccessDecisionManager. If no AccessDecisionManager is provided a role based manager will be selected according to the comparison type of the rule.- Parameters:
rule
- the rule to base the decisionobject
- the execution listener phase
-
getConfigAttributes
protected Collection<org.springframework.security.access.ConfigAttribute> getConfigAttributes(SecurityRule rule) Convert SecurityRule into a form understood by Spring Security- Parameters:
rule
- the rule to convert- Returns:
- list of ConfigAttributes for Spring Security
-