java.lang.Object
- org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanFactoryAware, org.springframework.beans.factory.SmartInitializingSingleton, org.springframework.context.annotation.ImportAware
```
@Configuration(proxyBeanMethods=false)
@Role(2)
public class GlobalMethodSecurityConfiguration
extends java.lang.Object
implements org.springframework.context.annotation.ImportAware, org.springframework.beans.factory.SmartInitializingSingleton, org.springframework.beans.factory.BeanFactoryAware
```
Base Configuration for enabling global method security. Classes may extend this class to customize the defaults, but must be sure to specify the EnableGlobalMethodSecurity annotation on the subclass.

Since:

3.2

See Also:

EnableGlobalMethodSecurity

Constructor Summary

Constructors
Constructor Description

GlobalMethodSecurityConfiguration()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected AccessDecisionManager`	`accessDecisionManager()`	Allows subclasses to provide a custom `AccessDecisionManager`.
`protected AfterInvocationManager`	`afterInvocationManager()`	Provide a custom `AfterInvocationManager` for the default implementation of `methodSecurityInterceptor(MethodSecurityMetadataSource)`.
`void`	`afterSingletonsInstantiated()`
`protected AuthenticationManager`	`authenticationManager()`	Allows providing a custom `AuthenticationManager`.
`protected void`	`configure(AuthenticationManagerBuilder auth)`	Sub classes can override this method to register different types of authentication.
`protected MethodSecurityExpressionHandler`	`createExpressionHandler()`	Provide a `MethodSecurityExpressionHandler` that is registered with the `ExpressionBasedPreInvocationAdvice`.
`protected MethodSecurityMetadataSource`	`customMethodSecurityMetadataSource()`	Provides a custom `MethodSecurityMetadataSource` that is registered with the `methodSecurityMetadataSource()`.
`protected MethodSecurityExpressionHandler`	`getExpressionHandler()`	Gets the `MethodSecurityExpressionHandler` or creates it using `expressionHandler`.
`org.aopalliance.intercept.MethodInterceptor`	`methodSecurityInterceptor(MethodSecurityMetadataSource methodSecurityMetadataSource)`	Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.
`MethodSecurityMetadataSource`	`methodSecurityMetadataSource()`	Provides the default `MethodSecurityMetadataSource` that will be used.
`PreInvocationAuthorizationAdvice`	`preInvocationAuthorizationAdvice()`	Creates the `PreInvocationAuthorizationAdvice` to be used.
`protected RunAsManager`	`runAsManager()`	Provide a custom `RunAsManager` for the default implementation of `methodSecurityInterceptor(MethodSecurityMetadataSource)`.
`void`	`setBeanFactory(org.springframework.beans.factory.BeanFactory beanFactory)`
`void`	`setImportMetadata(org.springframework.core.type.AnnotationMetadata importMetadata)`	Obtains the attributes from `EnableGlobalMethodSecurity` if this class was imported using the `EnableGlobalMethodSecurity` annotation.
`void`	`setMethodSecurityExpressionHandler(java.util.List<MethodSecurityExpressionHandler> handlers)`
`void`	`setObjectPostProcessor(ObjectPostProcessor<java.lang.Object> objectPostProcessor)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - GlobalMethodSecurityConfiguration
```
public GlobalMethodSecurityConfiguration()
```
- Method Detail
  - methodSecurityInterceptor
```
@Bean
public org.aopalliance.intercept.MethodInterceptor methodSecurityInterceptor(MethodSecurityMetadataSource methodSecurityMetadataSource)
```
    Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.
    
    accessDecisionManager()
    
    afterInvocationManager()
    
    authenticationManager()
    
    runAsManager()
    
    Subclasses can override this method to provide a different MethodInterceptor.
    Parameters:
    
    methodSecurityMetadataSource - the default MethodSecurityMetadataSource.
    
    Returns:
    
    the MethodInterceptor.
  - afterSingletonsInstantiated
```
public void afterSingletonsInstantiated()
```
    Specified by:
    
    afterSingletonsInstantiated in interface org.springframework.beans.factory.SmartInitializingSingleton
  - afterInvocationManager
```
protected AfterInvocationManager afterInvocationManager()
```
    Provide a custom AfterInvocationManager for the default implementation of methodSecurityInterceptor(MethodSecurityMetadataSource). The default is null if pre post is not enabled. Otherwise, it returns a AfterInvocationProviderManager.
    Subclasses should override this method to provide a custom AfterInvocationManager
    
    Returns:
    
    the AfterInvocationManager to use
  - runAsManager
```
protected RunAsManager runAsManager()
```
    Provide a custom RunAsManager for the default implementation of methodSecurityInterceptor(MethodSecurityMetadataSource). The default is null.
    
    Returns:
    
    the RunAsManager to use
  - accessDecisionManager
```
protected AccessDecisionManager accessDecisionManager()
```
    Allows subclasses to provide a custom AccessDecisionManager. The default is a AffirmativeBased with the following voters:
    
    PreInvocationAuthorizationAdviceVoter
    
    RoleVoter
    
    AuthenticatedVoter
    Returns:
    
    the AccessDecisionManager to use
  - createExpressionHandler
```
protected MethodSecurityExpressionHandler createExpressionHandler()
```
    Provide a MethodSecurityExpressionHandler that is registered with the ExpressionBasedPreInvocationAdvice. The default is DefaultMethodSecurityExpressionHandler which optionally will Autowire an AuthenticationTrustResolver.
    Subclasses may override this method to provide a custom MethodSecurityExpressionHandler
    
    Returns:
    
    the MethodSecurityExpressionHandler to use
  - getExpressionHandler
```
protected final MethodSecurityExpressionHandler getExpressionHandler()
```
    Gets the MethodSecurityExpressionHandler or creates it using expressionHandler.
    
    Returns:
    
    a non null MethodSecurityExpressionHandler
  - customMethodSecurityMetadataSource
```
protected MethodSecurityMetadataSource customMethodSecurityMetadataSource()
```
    Provides a custom MethodSecurityMetadataSource that is registered with the methodSecurityMetadataSource(). Default is null.
    
    Returns:
    
    a custom MethodSecurityMetadataSource that is registered with the methodSecurityMetadataSource()
  - authenticationManager
```
protected AuthenticationManager authenticationManager()
                                               throws java.lang.Exception
```
    Allows providing a custom AuthenticationManager. The default is to use any authentication mechanisms registered by configure(AuthenticationManagerBuilder). If configure(AuthenticationManagerBuilder) was not overridden, then an AuthenticationManager is attempted to be autowired by type.
    
    Returns:
    
    the AuthenticationManager to use
    
    Throws:
    
    java.lang.Exception
  - configure
```
protected void configure(AuthenticationManagerBuilder auth)
                  throws java.lang.Exception
```
    Sub classes can override this method to register different types of authentication. If not overridden, configure(AuthenticationManagerBuilder) will attempt to autowire by type.
    
    Parameters:
    
    auth - the AuthenticationManagerBuilder used to register different authentication mechanisms for the global method security.
    
    Throws:
    
    java.lang.Exception
  - methodSecurityMetadataSource
```
@Bean
@Role(2)
public MethodSecurityMetadataSource methodSecurityMetadataSource()
```
    Provides the default MethodSecurityMetadataSource that will be used. It creates a DelegatingMethodSecurityMetadataSource based upon customMethodSecurityMetadataSource() and the attributes on EnableGlobalMethodSecurity.
    
    Returns:
    
    the MethodSecurityMetadataSource
  - preInvocationAuthorizationAdvice
```
@Bean
public PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice()
```
    Creates the PreInvocationAuthorizationAdvice to be used. The default is ExpressionBasedPreInvocationAdvice.
    
    Returns:
    
    the PreInvocationAuthorizationAdvice
  - setImportMetadata
```
public final void setImportMetadata(org.springframework.core.type.AnnotationMetadata importMetadata)
```
    Obtains the attributes from EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.
    
    Specified by:
    
    setImportMetadata in interface org.springframework.context.annotation.ImportAware
  - setObjectPostProcessor
```
@Autowired(required=false)
public void setObjectPostProcessor(ObjectPostProcessor<java.lang.Object> objectPostProcessor)
```
  - setMethodSecurityExpressionHandler
```
@Autowired(required=false)
public void setMethodSecurityExpressionHandler(java.util.List<MethodSecurityExpressionHandler> handlers)
```
  - setBeanFactory
```
public void setBeanFactory(org.springframework.beans.factory.BeanFactory beanFactory)
                    throws org.springframework.beans.BeansException
```
    Specified by:
    
    setBeanFactory in interface org.springframework.beans.factory.BeanFactoryAware
    
    Throws:
    
    org.springframework.beans.BeansException

Class GlobalMethodSecurityConfiguration

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

GlobalMethodSecurityConfiguration

Method Detail

methodSecurityInterceptor

afterSingletonsInstantiated

afterInvocationManager

runAsManager

accessDecisionManager

createExpressionHandler

getExpressionHandler

customMethodSecurityMetadataSource

authenticationManager

configure

methodSecurityMetadataSource

preInvocationAuthorizationAdvice

setImportMetadata

setObjectPostProcessor

setMethodSecurityExpressionHandler

setBeanFactory