org.springframework.security.access.prepost
Class PrePostAnnotationSecurityMetadataSource
java.lang.Object
org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
- All Implemented Interfaces:
- AopInfrastructureBean, MethodSecurityMetadataSource, SecurityMetadataSource
public class PrePostAnnotationSecurityMetadataSource
- extends AbstractMethodSecurityMetadataSource
MethodSecurityMetadataSource which extracts metadata from the @PreFilter and @PreAuthorize annotations
placed on a method. This class is merely responsible for locating the relevant annotations (if any). It delegates
the actual ConfigAttribute creation to its PrePostInvocationAttributeFactory
, thus
decoupling itself from the mechanism which will enforce the annotations' behaviour.
Annotations may be specified on classes or methods, and method-specific annotations will take precedence.
If you use any annotation and do not specify a pre-authorization condition, then the method will be
allowed as if a @PreAuthorize("permitAll") were present.
Since we are handling multiple annotations here, it's possible that we may have to combine annotations defined in
multiple locations for a single method - they may be defined on the method itself, or at interface or class level.
- Since:
- 3.0
- See Also:
PreInvocationAuthorizationAdviceVoter
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
PrePostAnnotationSecurityMetadataSource
public PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttributeFactory attributeFactory)
getAttributes
public Collection<ConfigAttribute> getAttributes(Method method,
Class<?> targetClass)
getAllConfigAttributes
public Collection<ConfigAttribute> getAllConfigAttributes()
- Description copied from interface:
SecurityMetadataSource
- If available, returns all of the
ConfigAttribute
s defined by the implementing class.
This is used by the AbstractSecurityInterceptor
to perform startup time validation of each
ConfigAttribute
configured against it.
- Returns:
- the
ConfigAttribute
s or null
if unsupported