|
Spring Security Framework | |||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | |||||||||
See:
Description
| Interface Summary | |
|---|---|
| ObjectDefinitionSource | Implemented by classes that store and can identify the ConfigAttributeDefinition that applies to a given secure object
invocation. |
| Class Summary | |
|---|---|
| AbstractSecurityInterceptor | Abstract class that implements security interception for secure objects. |
| InterceptorStatusToken | A return object received by AbstractSecurityInterceptor subclasses. |
Actually enforces the security and ties the whole security system together.
A secure object is a term frequently used throughout the security
system. It does not refer to a business object that is being
secured, but instead refers to some infrastructure object that can have
security facilities provided for it by Spring Security.
For example, one secure object would be MethodInvocation,
whilst another would be HTTP
org.springframwork.security.intercept.web.FilterInvocation. Note these are
infrastructure objects and their design allows them to represent a large
variety of actual resources that might need to be secured, such as business
objects or HTTP request URLs.
Each secure object typically has its
own org.springframwork.security.intercept package.
Each package usually includes a concrete security interceptor (which
subclasses AbstractSecurityInterceptor,
an appropriate ObjectDefinitionSource
for the type of resources the secure object represents, and a property editor
to populate the ObjectDefinitionSource.
It is simple to create new secure object types, given the
AbstractSecurityInterceptor provides the majority of the logic
and other specialised packages provide the authentication, authorization,
run-as replacement management and ContextHolder population.
|
Spring Security Framework | |||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | |||||||||