public class RunAsManagerImpl extends java.lang.Object implements RunAsManager, org.springframework.beans.factory.InitializingBean
RunAsManager
.
Is activated if any ConfigAttribute.getAttribute() is prefixed with RUN_AS_. If found, it generates a new RunAsUserToken containing the same principal, credentials and granted authorities as the original Authentication object, along with SimpleGrantedAuthority instances for each RUN_AS_ indicated. Each created SimpleGrantedAuthority will be prefixed with a special prefix indicating that it is a role (default prefix value is ROLE_), and then the remainder of the RUN_AS_ keyword. For example, RUN_AS_FOO will result in the creation of a granted authority of ROLE_RUN_AS_FOO.
The role prefix may be overridden from the default, to match that used elsewhere, for example when using an existing role database with another prefix. An empty role prefix may also be specified. Note however that there are potential issues with using an empty role prefix since different categories of ConfigAttribute can not be properly discerned based on the prefix, with possible consequences when performing voting and other actions. However, this option may be of some use when using pre-existing role names without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for example in JdbcDaoImpl.
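The behaviour described above, as an added example that is not part of the Spring Security documentation: it calls buildRunAs with the default ROLE_ prefix, with no RUN_AS_ attribute, and with an empty prefix, so the resulting authority names can be compared. The class RunAsDemo, its helper methods, the key value and the user "alice" are constructed for illustration.

```java
import java.util.Collection;
import java.util.Set;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.intercept.RunAsManagerImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class RunAsDemo {

    // Builds a manager with the given role prefix. The key is a constructed placeholder.
    static RunAsManagerImpl manager(String rolePrefix) throws Exception {
        RunAsManagerImpl m = new RunAsManagerImpl();
        m.setKey("demo-run-as-key");
        m.setRolePrefix(rolePrefix);
        m.afterPropertiesSet();
        return m;
    }

    // Returns the authority names on the replacement token, or null when
    // buildRunAs decides that no replacement Authentication is required.
    static Set<String> runAsAuthorities(RunAsManagerImpl m, Authentication caller, String... attrs) {
        Collection<ConfigAttribute> attributes = SecurityConfig.createList(attrs);
        Authentication replacement = m.buildRunAs(caller, new Object(), attributes);
        return replacement == null ? null
                : AuthorityUtils.authorityListToSet(replacement.getAuthorities());
    }

    public static void main(String[] args) throws Exception {
        // Constructed caller holding a single ordinary role.
        Authentication caller = new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER"));

        // Default prefix: the RUN_AS_FOO attribute is added as a prefixed role
        // alongside the authorities the caller already holds.
        System.out.println(runAsAuthorities(manager("ROLE_"), caller, "ROLE_USER", "RUN_AS_FOO"));

        // No RUN_AS_ attribute configured: the caller's Authentication is left as is.
        System.out.println(runAsAuthorities(manager("ROLE_"), caller, "ROLE_USER"));

        // Empty prefix: the granted authority carries the same text as the
        // configuration attribute, so a prefix check can no longer tell them apart.
        System.out.println(runAsAuthorities(manager(""), caller, "ROLE_USER", "RUN_AS_FOO"));
    }
}
```

When reviewing a configuration, the third call is the one to look for: any access rule that matches on the bare attribute name will also match the run-as authority.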
Constructor and Description |
---|
RunAsManagerImpl() |
Modifier and Type | Method and Description |
---|---|
void | afterPropertiesSet() |
Authentication | buildRunAs(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> attributes) Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required. |
java.lang.String | getKey() |
java.lang.String | getRolePrefix() |
void | setKey(java.lang.String key) |
void | setRolePrefix(java.lang.String rolePrefix) Allows the default role prefix of ROLE_ to be overridden. |
boolean | supports(java.lang.Class<?> clazz) This implementation supports any type of class, because it does not query the presented secure object. |
boolean | supports(ConfigAttribute attribute) Indicates whether this RunAsManager is able to process the passed ConfigAttribute. |
public void afterPropertiesSet() throws java.lang.Exception
Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws: java.lang.Exception

public Authentication buildRunAs(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> attributes)
Description copied from interface: RunAsManager
Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required.
Specified by: buildRunAs in interface RunAsManager
Parameters:
authentication - the caller invoking the secure object
object - the secured object being called
attributes - the configuration attributes associated with the secure object being invoked
Returns: null if the Authentication should be left as is

public java.lang.String getKey()

public java.lang.String getRolePrefix()

public void setKey(java.lang.String key)

public void setRolePrefix(java.lang.String rolePrefix)
Allows the default role prefix of ROLE_ to be overridden. May be set to an empty value, although this is usually not desirable.
Parameters:
rolePrefix - the new prefix

public boolean supports(ConfigAttribute attribute)
Description copied from interface: RunAsManager
Indicates whether this RunAsManager is able to process the passed ConfigAttribute.
This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AfterInvocationManager.
Specified by: supports in interface RunAsManager
Parameters:
attribute - a configuration attribute that has been configured against the AbstractSecurityInterceptor
Returns: true if this RunAsManager can support the passed configuration attribute

public boolean supports(java.lang.Class<?> clazz)
Specified by: supports in interface RunAsManager
Parameters:
clazz - the secure object
Returns: true