| | |
- __builtin__.object
-
- AbstractSecurityInterceptor
-
- MethodSecurityInterceptor(springpython.aop.MethodInterceptor, AbstractSecurityInterceptor)
- InterceptorStatusToken
- ObjectDefinitionSource
-
- AbstractMethodDefinitionSource
-
- MethodDefinitionMap
- springpython.aop.MethodInterceptor(__builtin__.object)
-
- MethodSecurityInterceptor(springpython.aop.MethodInterceptor, AbstractSecurityInterceptor)
class AbstractSecurityInterceptor(__builtin__.object) |
| |
Abstract class that implements security interception for secure objects.
It will implements the proper handling of secure object invocations, being:
1. Obtain the Authentication object from the SecurityContextHolder.
2. Determine if the request relates to a secured or public invocation by looking up the secure object request
against the ObjectDefinitionSource.
3. For an invocation that is secured (there is a ConfigAttributeDefinition for the secure object invocation):
1. If either the Authentication.isAuthenticated() returns false, or the alwaysReauthenticate is true,
authenticate the request against the configured AuthenticationManager. When authenticated, replace
the Authentication object on the SecurityContextHolder with the returned value.
2. Authorize the request against the configured AccessDecisionManager.
(3. Perform any run-as replacement via the configured RunAsManager. FUTURE)
4. Pass control back to the concrete subclass, which will actually proceed with executing the object.
An InterceptorStatusToken is returned so that after the subclass has finished proceeding with execution
of the object, its finally clause can ensure the AbstractSecurityInterceptor is re-called and tidies up
correctly.
5. The concrete subclass will re-call the AbstractSecurityInterceptor via the after_invocation(InterceptorStatusToken, Object) method.
(6. If the RunAsManager replaced the Authentication object, return the SecurityContextHolder to the object
that existed after the call to AuthenticationManager. FUTURE)
7. If an AfterInvocationManager is defined, invoke the invocation manager and allow it to replace the object
due to be returned to the caller.
(4. For an invocation that is public (there is no ConfigAttributeDefinition for the secure object invocation):
1. As described above, the concrete subclass will be returned an InterceptorStatusToken which is subsequently
re-presented to the AbstractSecurityInterceptor after the secure object has been executed. The
AbstractSecurityInterceptor will take no further action when its after_invocation(InterceptorStatusToken, Object)
is called. FUTURE)
5. Control again returns to the concrete subclass, along with the Object that should be returned to the caller. The
subclass will then return that result or exception to the original caller.
|
| |
Methods defined here:
- __init__(self, auth_manager=None, access_decision_mgr=None, obj_def_source=None)
- after_invocation(self, token, results)
- As a minimum, this needs to pass the results right on through. Subclasses can extend this behavior
to utilize the token information.
- before_invocation(self, invocation)
- obtain_obj_def_source(self)
Data descriptors defined here:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
|
class ObjectDefinitionSource(__builtin__.object) |
| |
Implemented by classes that store and can identify the ConfigAttributeDefinition that applies to a given secure object invocation.
|
| |
Methods defined here:
- get_attributes(obj)
- Accesses the ConfigAttributeDefinition that applies to a given secure object.
- get_conf_attr_defs()
- If available, all of the ConfigAttributeDefinitions defined by the implementing class.
- supports(cls)
- Indicates whether the ObjectDefinitionSource implementation is able to provide ConfigAttributeDefinitions for
the indicated secure object type.
Data descriptors defined here:
- __dict__
- dictionary for instance variables (if defined)
- __weakref__
- list of weak references to the object (if defined)
| |