PrePostAnnotationSecurityMetadataSource

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
- - org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource

All Implemented Interfaces:

org.springframework.aop.framework.AopInfrastructureBean, MethodSecurityMetadataSource, SecurityMetadataSource
```
public class PrePostAnnotationSecurityMetadataSource
extends AbstractMethodSecurityMetadataSource
```
MethodSecurityMetadataSource which extracts metadata from the @PreFilter and @PreAuthorize annotations placed on a method. This class is merely responsible for locating the relevant annotations (if any). It delegates the actual ConfigAttribute creation to its PrePostInvocationAttributeFactory, thus decoupling itself from the mechanism which will enforce the annotations' behaviour.
Annotations may be specified on classes or methods, and method-specific annotations will take precedence. If you use any annotation and do not specify a pre-authorization condition, then the method will be allowed as if a @PreAuthorize("permitAll") were present.
Since we are handling multiple annotations here, it's possible that we may have to combine annotations defined in multiple locations for a single method - they may be defined on the method itself, or at interface or class level.

Since:

3.0

See Also:

PreInvocationAuthorizationAdviceVoter

Field Summary
- Fields inherited from class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
  logger

Constructor Summary

Constructors
Constructor and Description

PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttributeFactory attributeFactory)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`java.util.Collection<ConfigAttribute>`	`getAllConfigAttributes()` If available, returns all of the `ConfigAttribute`s defined by the implementing class.
`java.util.Collection<ConfigAttribute>`	`getAttributes(java.lang.reflect.Method method, java.lang.Class<?> targetClass)`

Methods inherited from class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
getAttributes, supports

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - PrePostAnnotationSecurityMetadataSource
```
public PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttributeFactory attributeFactory)
```
- Method Detail
  - getAttributes
```
public java.util.Collection<ConfigAttribute> getAttributes(java.lang.reflect.Method method,
                                                           java.lang.Class<?> targetClass)
```
  - getAllConfigAttributes
```
public java.util.Collection<ConfigAttribute> getAllConfigAttributes()
```
    Description copied from interface: SecurityMetadataSource
    
    If available, returns all of the ConfigAttributes defined by the implementing class.
    This is used by the AbstractSecurityInterceptor to perform startup time validation of each ConfigAttribute configured against it.
    
    Returns:
    
    the ConfigAttributes or null if unsupported

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method