public class RunAsManagerImpl extends java.lang.Object implements RunAsManager, org.springframework.beans.factory.InitializingBean
RunAsManager.
Is activated if any ConfigAttribute.getAttribute() is prefixed with
RUN_AS_. If found, it generates a new RunAsUserToken containing
the same principal, credentials and granted authorities as the original
Authentication object, along with SimpleGrantedAuthoritys for each
RUN_AS_ indicated. The created SimpleGrantedAuthoritys will
be prefixed with a special prefix indicating that it is a role (default prefix value is
ROLE_), and then the remainder of the RUN_AS_ keyword. For
example, RUN_AS_FOO will result in the creation of a granted authority of
ROLE_RUN_AS_FOO.
The role prefix may be overridden from the default, to match that used elsewhere, for
example when using an existing role database with another prefix. An empty role prefix
may also be specified. Note however that there are potential issues with using an empty
role prefix since different categories of ConfigAttribute can not be properly
discerned based on the prefix, with possible consequences when performing voting and
other actions. However, this option may be of some use when using pre-existing role
names without a prefix, and no ability exists to prefix them with a role prefix on
reading them in, such as provided for example in
JdbcDaoImpl.
| Constructor and Description |
|---|
RunAsManagerImpl() |
| Modifier and Type | Method and Description |
|---|---|
void |
afterPropertiesSet() |
Authentication |
buildRunAs(Authentication authentication,
java.lang.Object object,
java.util.Collection<ConfigAttribute> attributes)
Returns a replacement
Authentication object for the current secure
object invocation, or null if replacement not required. |
java.lang.String |
getKey() |
java.lang.String |
getRolePrefix() |
void |
setKey(java.lang.String key) |
void |
setRolePrefix(java.lang.String rolePrefix)
Allows the default role prefix of
ROLE_ to be overridden. |
boolean |
supports(java.lang.Class<?> clazz)
This implementation supports any type of class, because it does not query the
presented secure object.
|
boolean |
supports(ConfigAttribute attribute)
Indicates whether this
RunAsManager is able to process the passed
ConfigAttribute. |
public void afterPropertiesSet()
throws java.lang.Exception
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBeanjava.lang.Exceptionpublic Authentication buildRunAs(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> attributes)
RunAsManagerAuthentication object for the current secure
object invocation, or null if replacement not required.buildRunAs in interface RunAsManagerauthentication - the caller invoking the secure objectobject - the secured object being calledattributes - the configuration attributes associated with the secure object
being invokednull if the Authentication should be left
as ispublic java.lang.String getKey()
public java.lang.String getRolePrefix()
public void setKey(java.lang.String key)
public void setRolePrefix(java.lang.String rolePrefix)
ROLE_ to be overridden. May be set
to an empty value, although this is usually not desirable.rolePrefix - the new prefixpublic boolean supports(ConfigAttribute attribute)
RunAsManagerRunAsManager is able to process the passed
ConfigAttribute.
This allows the AbstractSecurityInterceptor to check every
configuration attribute can be consumed by the configured
AccessDecisionManager and/or RunAsManager and/or
AfterInvocationManager.
supports in interface RunAsManagerattribute - a configuration attribute that has been configured against the
AbstractSecurityInterceptortrue if this RunAsManager can support the passed
configuration attributepublic boolean supports(java.lang.Class<?> clazz)
supports in interface RunAsManagerclazz - the secure objecttrue