Class ExpressionBasedMessageSecurityMetadataSourceFactory


  • public final class ExpressionBasedMessageSecurityMetadataSourceFactory
    extends java.lang.Object
    A class used to create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions.
    Since:
    4.0
    • Method Detail

      • createExpressionMessageMetadataSource

        public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(java.util.LinkedHashMap<MessageMatcher<?>,java.lang.String> matcherToExpression)
        Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions. Each entry is considered in order and only the first match is used. For example:
             // Insertion order is the evaluation order, so the more specific patterns go first.
             LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<>();
             matcherToExpression.put(new SimpDestinationMessageMatcher("/public/**"), "permitAll");
             matcherToExpression.put(new SimpDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')");
             matcherToExpression.put(new SimpDestinationMessageMatcher("/topics/{name}/**"), "@someBean.customLogic(authentication, #name)");
             // The catch-all entry goes last; anything placed after it would never be used.
             matcherToExpression.put(new SimpDestinationMessageMatcher("/**"), "authenticated");
        
             MessageSecurityMetadataSource metadataSource = createExpressionMessageMetadataSource(matcherToExpression);
         

        If our destination is "/public/hello", it would match on "/public/**" and on "/**". However, only "/public/**" would be used since it is the first entry. That means that a destination of "/public/hello" will be mapped to "permitAll".
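
The first-match rule described above can be checked against a rule map before it is handed to the factory. The following is an added example, not part of the Spring Security Javadoc; it assumes spring-messaging and spring-security-messaging are on the classpath, and the class `MatcherOrderCheck`, its helper methods and the sample rule sets are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.messaging.Message;
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
import org.springframework.messaging.support.MessageBuilder;
import org.springframework.security.messaging.util.matcher.MessageMatcher;
import org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher;

// Hypothetical helper class, not part of Spring Security.
public class MatcherOrderCheck {

    // Builds the ordered map from {pattern, expression} pairs (constructed sample data).
    static LinkedHashMap<MessageMatcher<?>, String> rules(String[][] ordered) {
        LinkedHashMap<MessageMatcher<?>, String> map = new LinkedHashMap<>();
        for (String[] rule : ordered) {
            map.put(new SimpDestinationMessageMatcher(rule[0]), rule[1]);
        }
        return map;
    }

    // Models the documented rule: entries are tried in insertion order and the first match wins.
    @SuppressWarnings("unchecked")
    static String effectiveExpression(LinkedHashMap<MessageMatcher<?>, String> ruleMap, String destination) {
        Message<Object> probe = MessageBuilder.<Object>withPayload("probe")
                .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, destination)
                .build();
        for (Map.Entry<MessageMatcher<?>, String> rule : ruleMap.entrySet()) {
            if (((MessageMatcher<Object>) rule.getKey()).matches(probe)) {
                return rule.getValue();
            }
        }
        return null; // no entry matched this destination
    }

    public static void main(String[] args) {
        String admin = "hasRole('ROLE_ADMIN')";
        // Same entries in two insertion orders.
        String[][] specificFirst = {{"/public/**", "permitAll"}, {"/admin/**", admin}, {"/**", "authenticated"}};
        String[][] catchAllFirst = {{"/**", "authenticated"}, {"/public/**", "permitAll"}, {"/admin/**", admin}};

        for (String[][] ordering : new String[][][] {specificFirst, catchAllFirst}) {
            String effective = effectiveExpression(rules(ordering), "/admin/users");
            // A mismatch means an earlier, broader matcher shadows the admin entry.
            System.out.println("first pattern " + ordering[0][0] + ": /admin/users -> " + effective
                    + (admin.equals(effective) ? " (admin rule applies)" : " (admin rule shadowed)"));
        }
    }
}
```

Run as a unit test against the same map that is passed to createExpressionMessageMetadataSource, a probe like this catches a catch-all entry that was inserted ahead of a more restrictive one.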

        For a complete listing of expressions see MessageSecurityExpressionRoot

        Parameters:
        matcherToExpression - an ordered mapping of MessageMatcher to Strings that are turned into an Expression using AbstractSecurityExpressionHandler.getExpressionParser()
        Returns:
        the MessageSecurityMetadataSource to use. Cannot be null.
      • createExpressionMessageMetadataSource

        public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(java.util.LinkedHashMap<MessageMatcher<?>,java.lang.String> matcherToExpression,
                                                                                          SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>> handler)
        Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions. Each entry is considered in order and only the first match is used. For example:
             // Insertion order is the evaluation order, so the more specific patterns go first.
             LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<>();
             matcherToExpression.put(new SimpDestinationMessageMatcher("/public/**"), "permitAll");
             matcherToExpression.put(new SimpDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')");
             matcherToExpression.put(new SimpDestinationMessageMatcher("/topics/{name}/**"), "@someBean.customLogic(authentication, #name)");
             // The catch-all entry goes last; anything placed after it would never be used.
             matcherToExpression.put(new SimpDestinationMessageMatcher("/**"), "authenticated");
        
             // handler is the SecurityExpressionHandler described under Parameters.
             MessageSecurityMetadataSource metadataSource = createExpressionMessageMetadataSource(matcherToExpression, handler);
         

        If our destination is "/public/hello", it would match on "/public/**" and on "/**". However, only "/public/**" would be used since it is the first entry. That means that a destination of "/public/hello" will be mapped to "permitAll".

        For a complete listing of expressions see MessageSecurityExpressionRoot

        Parameters:
        matcherToExpression - an ordered mapping of MessageMatcher to Strings that are turned into an Expression using AbstractSecurityExpressionHandler.getExpressionParser()
        handler - the SecurityExpressionHandler to use
        Returns:
        the MessageSecurityMetadataSource to use. Cannot be null.