Package org.springframework.security.access.intercept

Class RunAsManagerImpl

  • All Implemented Interfaces:
    org.springframework.beans.factory.InitializingBean, RunAsManager
    public class RunAsManagerImpl
extends java.lang.Object
implements RunAsManager, org.springframework.beans.factory.InitializingBean
    Basic concrete implementation of a RunAsManager.

    Is activated if any ConfigAttribute.getAttribute() is prefixed with RUN_AS_. If found, it generates a new RunAsUserToken containing the same principal, credentials and granted authorities as the original Authentication object, along with SimpleGrantedAuthoritys for each RUN_AS_ indicated. The created SimpleGrantedAuthoritys will be prefixed with a special prefix indicating that it is a role (default prefix value is ROLE_), and then the remainder of the RUN_AS_ keyword. For example, RUN_AS_FOO will result in the creation of a granted authority of ROLE_RUN_AS_FOO.

    The role prefix may be overridden from the default, to match that used elsewhere, for example when using an existing role database with another prefix. An empty role prefix may also be specified. Note however that there are potential issues with using an empty role prefix since different categories of ConfigAttribute can not be properly discerned based on the prefix, with possible consequences when performing voting and other actions. However, this option may be of some use when using pre-existing role names without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for example in JdbcDaoImpl.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void afterPropertiesSet()  
      Authentication buildRunAs​(Authentication authentication, java.lang.Object object, java.util.Collection<ConfigAttribute> attributes)
      Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required.
      java.lang.String getKey()  
      java.lang.String getRolePrefix()  
      void setKey​(java.lang.String key)  
      void setRolePrefix​(java.lang.String rolePrefix)
      Allows the default role prefix of ROLE_ to be overridden.
      boolean supports​(java.lang.Class<?> clazz)
      This implementation supports any type of class, because it does not query the presented secure object.
      boolean supports​(ConfigAttribute attribute)
      Indicates whether this RunAsManager is able to process the passed ConfigAttribute.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • RunAsManagerImpl

        public RunAsManagerImpl()

    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

      • buildRunAs

        public Authentication buildRunAs​(Authentication authentication,
                                 java.lang.Object object,
                                 java.util.Collection<ConfigAttribute> attributes)
        Description copied from interface: RunAsManager
        Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required.
        Specified by:
        buildRunAs in interface RunAsManager
        Parameters:
        authentication - the caller invoking the secure object
        object - the secured object being called
        attributes - the configuration attributes associated with the secure object being invoked
        Returns:
        a replacement object to be used for duration of the secure object invocation, or null if the Authentication should be left as is

      • getKey

        public java.lang.String getKey()

      • getRolePrefix

        public java.lang.String getRolePrefix()

      • setKey

        public void setKey​(java.lang.String key)

      • setRolePrefix

        public void setRolePrefix​(java.lang.String rolePrefix)
        Allows the default role prefix of ROLE_ to be overridden. May be set to an empty value, although this is usually not desirable.
        Parameters:
        rolePrefix - the new prefix

      • supports

        public boolean supports​(ConfigAttribute attribute)
        Description copied from interface: RunAsManager
        Indicates whether this RunAsManager is able to process the passed ConfigAttribute.

        This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AfterInvocationManager.

        Specified by:
        supports in interface RunAsManager
        Parameters:
        attribute - a configuration attribute that has been configured against the AbstractSecurityInterceptor
        Returns:
        true if this RunAsManager can support the passed configuration attribute

      • supports

        public boolean supports​(java.lang.Class<?> clazz)
        This implementation supports any type of class, because it does not query the presented secure object.
        Specified by:
        supports in interface RunAsManager
        Parameters:
        clazz - the secure object
        Returns:
        always true