org.springframework.security.access.method
Class AbstractFallbackMethodSecurityMetadataSource
java.lang.Object
org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
- All Implemented Interfaces:
- org.springframework.aop.framework.AopInfrastructureBean, MethodSecurityMetadataSource, SecurityMetadataSource
- Direct Known Subclasses:
- Jsr250MethodSecurityMetadataSource, MapBasedMethodSecurityMetadataSource, SecuredAnnotationSecurityMetadataSource
public abstract class AbstractFallbackMethodSecurityMetadataSource
- extends AbstractMethodSecurityMetadataSource
Abstract implementation of MethodSecurityMetadataSource that supports both Spring AOP and AspectJ and
performs attribute resolution from: 1. specific target method; 2. target class; 3. declaring method;
4. declaring class/interface. Use with DelegatingMethodSecurityMetadataSource for caching support.
This class mimics the behaviour of Spring's AbstractFallbackTransactionAttributeSource class.
Note that this class cannot extract security metadata where that metadata is expressed by way of
a target method/class (i.e. #1 and #2 above) AND the target method/class is encapsulated in another
proxy object. Spring Security does not walk a proxy chain to locate the concrete/final target object.
Consider making Spring Security your final advisor (so it advises the final target, as opposed to
another proxy), move the metadata to declared methods or interfaces the proxy implements, or provide
your own replacement MethodSecurityMetadataSource.
- Since:
- 2.0
|
Method Summary |
protected abstract java.util.Collection<ConfigAttribute> |
findAttributes(java.lang.Class<?> clazz)
Obtains the security metadata registered against the specified class. |
protected abstract java.util.Collection<ConfigAttribute> |
findAttributes(java.lang.reflect.Method method,
java.lang.Class<?> targetClass)
Obtains the security metadata applicable to the specified method invocation. |
java.util.Collection<ConfigAttribute> |
getAttributes(java.lang.reflect.Method method,
java.lang.Class<?> targetClass)
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
AbstractFallbackMethodSecurityMetadataSource
public AbstractFallbackMethodSecurityMetadataSource()
getAttributes
public java.util.Collection<ConfigAttribute> getAttributes(java.lang.reflect.Method method,
java.lang.Class<?> targetClass)
findAttributes
protected abstract java.util.Collection<ConfigAttribute> findAttributes(java.lang.reflect.Method method,
java.lang.Class<?> targetClass)
- Obtains the security metadata applicable to the specified method invocation.
Note that the Method.getDeclaringClass() may not equal the targetClass.
Both parameters are provided to assist subclasses which may wish to provide advanced
capabilities related to method metadata being "registered" against a method even if the
target class does not declare the method (i.e. the subclass may only inherit the method).
- Parameters:
method - the method for the current invocation (never null)targetClass - the target class for the invocation (may be null)
- Returns:
- the security metadata (or null if no metadata applies)
findAttributes
protected abstract java.util.Collection<ConfigAttribute> findAttributes(java.lang.Class<?> clazz)
- Obtains the security metadata registered against the specified class.
Subclasses should only return metadata expressed at a class level. Subclasses should NOT
aggregate metadata for each method registered against a class, as the abstract superclass
will separate invoke findAttributes(Method, Class) for individual methods as
appropriate.
- Parameters:
clazz - the target class for the invocation (never null)
- Returns:
- the security metadata (or null if no metadata applies)