public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource
PrePostInvocationAttributeFactory, thus decoupling itself from the mechanism which will enforce the annotations' behaviour.
Annotations may be specified on classes or methods, and method-specific annotations will take precedence. If you use any annotation and do not specify a pre-authorization condition, then the method will be allowed as if a @PreAuthorize("permitAll") were present.
Since we are handling multiple annotations here, it's possible that we may have to combine annotations defined in multiple locations for a single method - they may be defined on the method itself, or at interface or class level.
|Constructor and Description|
|Modifier and Type||Method and Description|
If available, returns all of the
public PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttributeFactory attributeFactory)
public Collection<ConfigAttribute> getAllConfigAttributes()
ConfigAttributes defined by the implementing class.
This is used by the
AbstractSecurityInterceptor to perform startup time
validation of each
ConfigAttribute configured against it.