Package org.springframework.webflow.security

Class SecurityFlowExecutionListener

java.lang.Object
org.springframework.webflow.security.SecurityFlowExecutionListener
All Implemented Interfaces:
FlowExecutionListener
public class SecurityFlowExecutionListener extends Object implements FlowExecutionListener
Flow security integration with Spring Security
Author:
Scott Andrews

  • Constructor Details

    • SecurityFlowExecutionListener

      public SecurityFlowExecutionListener()

  • Method Details

    • getAccessDecisionManager

      public org.springframework.security.access.AccessDecisionManager getAccessDecisionManager()
      Get the access decision manager that makes flow authorization decisions.
      Returns:
      the decision manager

    • setAccessDecisionManager

      public void setAccessDecisionManager(org.springframework.security.access.AccessDecisionManager accessDecisionManager)
      Set the access decision manager that makes flow authorization decisions.
      Parameters:
      accessDecisionManager - the decision manager to user

    • sessionCreating

      public void sessionCreating(RequestContext context, FlowDefinition definition)
      Description copied from interface: FlowExecutionListener
      Called to indicate a new flow definition session is about to be created. Called before the session is created. An exception may be thrown from this method to veto the start operation. Any type of runtime exception can be used for this purpose.
      Specified by:
      sessionCreating in interface FlowExecutionListener
      Parameters:
      context - the current flow request context
      definition - the flow for which a new session is starting

    • stateEntering

      public void stateEntering(RequestContext context, StateDefinition state) throws EnterStateVetoException
      Description copied from interface: FlowExecutionListener
      Called when a state transitions, after the transition is matched but before the transition occurs.
      Specified by:
      stateEntering in interface FlowExecutionListener
      Parameters:
      context - the current flow request context
      state - the proposed state to transition to
      Throws:
      EnterStateVetoException - when entering the state is not allowed

    • transitionExecuting

      public void transitionExecuting(RequestContext context, TransitionDefinition transition)
      Description copied from interface: FlowExecutionListener
      Called when a transition is matched but before the transition occurs.
      Specified by:
      transitionExecuting in interface FlowExecutionListener
      Parameters:
      context - the current flow request context
      transition - the proposed transition

    • decide

      protected void decide(SecurityRule rule, Object object)
      Performs a Spring Security authorization decision. Decision will use the provided AccessDecisionManager. If no AccessDecisionManager is provided a role based manager will be selected according to the comparison type of the rule.
      Parameters:
      rule - the rule to base the decision
      object - the execution listener phase

    • getConfigAttributes

      protected Collection<org.springframework.security.access.ConfigAttribute> getConfigAttributes(SecurityRule rule)
      Convert SecurityRule into a form understood by Spring Security
      Parameters:
      rule - the rule to convert
      Returns:
      list of ConfigAttributes for Spring Security