@Configuration
public class GlobalMethodSecurityConfiguration
extends java.lang.Object
implements org.springframework.context.annotation.ImportAware, org.springframework.beans.factory.SmartInitializingSingleton

Configuration for enabling global method security. Classes may extend this class to customize the defaults, but must be sure to specify the EnableGlobalMethodSecurity annotation on the subclass.

See Also: EnableGlobalMethodSecurity

Constructor and Description |
---|
GlobalMethodSecurityConfiguration() |

@Bean public org.aopalliance.intercept.MethodInterceptor methodSecurityInterceptor() throws java.lang.Exception

accessDecisionManager()
afterInvocationManager()
authenticationManager()
methodSecurityMetadataSource()
runAsManager()

Subclasses can override this method to provide a different MethodInterceptor.

Throws: java.lang.Exception

public void afterSingletonsInstantiated()

Specified by: afterSingletonsInstantiated in interface org.springframework.beans.factory.SmartInitializingSingleton

protected AfterInvocationManager afterInvocationManager()

AfterInvocationManager for the default implementation of methodSecurityInterceptor(). The default is null if pre post is not enabled. Otherwise, it returns an AfterInvocationProviderManager.

Subclasses should override this method to provide a custom AfterInvocationManager

protected RunAsManager runAsManager()

RunAsManager for the default implementation of methodSecurityInterceptor(). The default is null.

protected AccessDecisionManager accessDecisionManager()

AccessDecisionManager. The default is an AffirmativeBased with the following voters:

protected MethodSecurityExpressionHandler createExpressionHandler()

MethodSecurityExpressionHandler that is registered with the ExpressionBasedPreInvocationAdvice. The default is DefaultMethodSecurityExpressionHandler, which will optionally autowire an AuthenticationTrustResolver.

Subclasses may override this method to provide a custom MethodSecurityExpressionHandler

protected final MethodSecurityExpressionHandler getExpressionHandler()

MethodSecurityExpressionHandler or creates it using expressionHandler.

null MethodSecurityExpressionHandler

protected MethodSecurityMetadataSource customMethodSecurityMetadataSource()

MethodSecurityMetadataSource that is registered with the methodSecurityMetadataSource(). Default is null.

Returns: MethodSecurityMetadataSource that is registered with the methodSecurityMetadataSource()

protected AuthenticationManager authenticationManager() throws java.lang.Exception

AuthenticationManager. The default is to use any authentication mechanisms registered by configure(AuthenticationManagerBuilder). If configure(AuthenticationManagerBuilder) was not overridden, then an attempt is made to autowire an AuthenticationManager by type.

Throws: java.lang.Exception

protected void configure(AuthenticationManagerBuilder auth) throws java.lang.Exception

configure(AuthenticationManagerBuilder) will attempt to autowire by type.

Parameters: auth - the AuthenticationManagerBuilder used to register different authentication mechanisms for the global method security.

Throws: java.lang.Exception

@Bean public MethodSecurityMetadataSource methodSecurityMetadataSource()

MethodSecurityMetadataSource that will be used. It creates a DelegatingMethodSecurityMetadataSource based upon customMethodSecurityMetadataSource() and the attributes on EnableGlobalMethodSecurity.

@Bean public PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice()

PreInvocationAuthorizationAdvice to be used. The default is ExpressionBasedPreInvocationAdvice.

public final void setImportMetadata(org.springframework.core.type.AnnotationMetadata importMetadata)

EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.

Specified by: setImportMetadata in interface org.springframework.context.annotation.ImportAware

@Autowired(required=false) public void setObjectPostProcessor(ObjectPostProcessor<java.lang.Object> objectPostProcessor)
@Autowired(required=false) public void setJsr250MethodSecurityMetadataSource(Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource)
@Autowired(required=false) public void setMethodSecurityExpressionHandler(java.util.List<MethodSecurityExpressionHandler> handlers)
@Autowired public void setApplicationContext(org.springframework.context.ApplicationContext context)