Class GlobalMethodSecurityConfiguration
- java.lang.Object
-
- org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
- All Implemented Interfaces:
org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanFactoryAware
,org.springframework.beans.factory.SmartInitializingSingleton
,org.springframework.context.annotation.ImportAware
@Configuration(proxyBeanMethods=false) @Role(2) public class GlobalMethodSecurityConfiguration extends java.lang.Object implements org.springframework.context.annotation.ImportAware, org.springframework.beans.factory.SmartInitializingSingleton, org.springframework.beans.factory.BeanFactoryAware
BaseConfiguration
for enabling global method security. Classes may extend this class to customize the defaults, but must be sure to specify theEnableGlobalMethodSecurity
annotation on the subclass.- Since:
- 3.2
- See Also:
EnableGlobalMethodSecurity
-
-
Constructor Summary
Constructors Constructor Description GlobalMethodSecurityConfiguration()
-
Method Summary
-
-
-
Method Detail
-
methodSecurityInterceptor
@Bean public org.aopalliance.intercept.MethodInterceptor methodSecurityInterceptor(MethodSecurityMetadataSource methodSecurityMetadataSource)
Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.Subclasses can override this method to provide a different
MethodInterceptor
.- Parameters:
methodSecurityMetadataSource
- the defaultMethodSecurityMetadataSource
.- Returns:
- the
MethodInterceptor
.
-
afterSingletonsInstantiated
public void afterSingletonsInstantiated()
- Specified by:
afterSingletonsInstantiated
in interfaceorg.springframework.beans.factory.SmartInitializingSingleton
-
afterInvocationManager
protected AfterInvocationManager afterInvocationManager()
Provide a customAfterInvocationManager
for the default implementation ofmethodSecurityInterceptor(MethodSecurityMetadataSource)
. The default is null if pre post is not enabled. Otherwise, it returns aAfterInvocationProviderManager
.Subclasses should override this method to provide a custom
AfterInvocationManager
- Returns:
- the
AfterInvocationManager
to use
-
runAsManager
protected RunAsManager runAsManager()
Provide a customRunAsManager
for the default implementation ofmethodSecurityInterceptor(MethodSecurityMetadataSource)
. The default is null.- Returns:
- the
RunAsManager
to use
-
accessDecisionManager
protected AccessDecisionManager accessDecisionManager()
Allows subclasses to provide a customAccessDecisionManager
. The default is aAffirmativeBased
with the following voters:- Returns:
- the
AccessDecisionManager
to use
-
createExpressionHandler
protected MethodSecurityExpressionHandler createExpressionHandler()
Provide aMethodSecurityExpressionHandler
that is registered with theExpressionBasedPreInvocationAdvice
. The default isDefaultMethodSecurityExpressionHandler
which optionally will Autowire anAuthenticationTrustResolver
.Subclasses may override this method to provide a custom
MethodSecurityExpressionHandler
- Returns:
- the
MethodSecurityExpressionHandler
to use
-
getExpressionHandler
protected final MethodSecurityExpressionHandler getExpressionHandler()
Gets theMethodSecurityExpressionHandler
or creates it usingexpressionHandler
.- Returns:
- a non
null
MethodSecurityExpressionHandler
-
customMethodSecurityMetadataSource
protected MethodSecurityMetadataSource customMethodSecurityMetadataSource()
Provides a customMethodSecurityMetadataSource
that is registered with themethodSecurityMetadataSource()
. Default is null.- Returns:
- a custom
MethodSecurityMetadataSource
that is registered with themethodSecurityMetadataSource()
-
authenticationManager
protected AuthenticationManager authenticationManager() throws java.lang.Exception
Allows providing a customAuthenticationManager
. The default is to use any authentication mechanisms registered byconfigure(AuthenticationManagerBuilder)
. Ifconfigure(AuthenticationManagerBuilder)
was not overridden, then anAuthenticationManager
is attempted to be autowired by type.- Returns:
- the
AuthenticationManager
to use - Throws:
java.lang.Exception
-
configure
protected void configure(AuthenticationManagerBuilder auth) throws java.lang.Exception
Sub classes can override this method to register different types of authentication. If not overridden,configure(AuthenticationManagerBuilder)
will attempt to autowire by type.- Parameters:
auth
- theAuthenticationManagerBuilder
used to register different authentication mechanisms for the global method security.- Throws:
java.lang.Exception
-
methodSecurityMetadataSource
@Bean public MethodSecurityMetadataSource methodSecurityMetadataSource()
Provides the defaultMethodSecurityMetadataSource
that will be used. It creates aDelegatingMethodSecurityMetadataSource
based uponcustomMethodSecurityMetadataSource()
and the attributes onEnableGlobalMethodSecurity
.- Returns:
- the
MethodSecurityMetadataSource
-
preInvocationAuthorizationAdvice
@Bean public PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice()
Creates thePreInvocationAuthorizationAdvice
to be used. The default isExpressionBasedPreInvocationAdvice
.- Returns:
- the
PreInvocationAuthorizationAdvice
-
setImportMetadata
public final void setImportMetadata(org.springframework.core.type.AnnotationMetadata importMetadata)
Obtains the attributes fromEnableGlobalMethodSecurity
if this class was imported using theEnableGlobalMethodSecurity
annotation.- Specified by:
setImportMetadata
in interfaceorg.springframework.context.annotation.ImportAware
-
setObjectPostProcessor
@Autowired(required=false) public void setObjectPostProcessor(ObjectPostProcessor<java.lang.Object> objectPostProcessor)
-
setMethodSecurityExpressionHandler
@Autowired(required=false) public void setMethodSecurityExpressionHandler(java.util.List<MethodSecurityExpressionHandler> handlers)
-
setBeanFactory
public void setBeanFactory(org.springframework.beans.factory.BeanFactory beanFactory) throws org.springframework.beans.BeansException
- Specified by:
setBeanFactory
in interfaceorg.springframework.beans.factory.BeanFactoryAware
- Throws:
org.springframework.beans.BeansException
-
-