public class RunAsManagerImpl extends Object implements RunAsManager, InitializingBean
RunAsManager.
Is activated if any ConfigAttribute.getAttribute() is prefixed with RUN_AS_.
If found, it generates a new RunAsUserToken containing the same principal, credentials and granted
authorities as the original Authentication object, along with SimpleGrantedAuthoritys for each
RUN_AS_ indicated. The created SimpleGrantedAuthoritys will be prefixed with a special
prefix indicating that it is a role (default prefix value is ROLE_), and then the remainder of the
RUN_AS_ keyword. For example, RUN_AS_FOO will result in the creation of a granted
authority of ROLE_RUN_AS_FOO.
The role prefix may be overridden from the default, to match that used elsewhere, for example when using an
existing role database with another prefix. An empty role prefix may also be specified. Note however that there are
potential issues with using an empty role prefix since different categories of ConfigAttribute can not be
properly discerned based on the prefix, with possible consequences when performing voting and other actions.
However, this option may be of some use when using pre-existing role names without a prefix, and no ability exists to
prefix them with a role prefix on reading them in, such as provided for example in
JdbcDaoImpl.
| Constructor and Description |
|---|
RunAsManagerImpl() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
Authentication |
buildRunAs(Authentication authentication,
Object object,
Collection<ConfigAttribute> attributes)
Returns a replacement
Authentication object for the current secure object invocation, or
null if replacement not required. |
String |
getKey() |
String |
getRolePrefix() |
void |
setKey(String key) |
void |
setRolePrefix(String rolePrefix)
Allows the default role prefix of
ROLE_ to be overridden. |
boolean |
supports(Class<?> clazz)
This implementation supports any type of class, because it does not query the presented secure object.
|
boolean |
supports(ConfigAttribute attribute)
Indicates whether this
RunAsManager is able to process the passed
ConfigAttribute. |
public void afterPropertiesSet()
throws Exception
afterPropertiesSet in interface InitializingBeanExceptionpublic Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
RunAsManagerAuthentication object for the current secure object invocation, or
null if replacement not required.buildRunAs in interface RunAsManagerauthentication - the caller invoking the secure objectobject - the secured object being calledattributes - the configuration attributes associated with the secure object being invokednull if
the Authentication should be left as ispublic String getKey()
public String getRolePrefix()
public void setKey(String key)
public void setRolePrefix(String rolePrefix)
ROLE_ to be overridden. May be set to an empty value,
although this is usually not desirable.rolePrefix - the new prefixpublic boolean supports(ConfigAttribute attribute)
RunAsManagerRunAsManager is able to process the passed
ConfigAttribute.This allows the AbstractSecurityInterceptor to check every
configuration attribute can be consumed by the configured AccessDecisionManager and/or
RunAsManager and/or AfterInvocationManager.
supports in interface RunAsManagerattribute - a configuration attribute that has been configured against the
AbstractSecurityInterceptortrue if this RunAsManager can support the passed configuration attributepublic boolean supports(Class<?> clazz)
supports in interface RunAsManagerclazz - the secure objecttrue