Package org.springframework.security.access.intercept
A secure object is a term frequently used throughout the security system. It
does not refer to a business object that is being secured, but instead refers to
some infrastructure object that can have security facilities provided for it by Spring
Security. For example, one secure object would be MethodInvocation, whilst
another would be HTTP org.springframework.security.web.FilterInvocation. Note
these are infrastructure objects and their design allows them to represent a large
variety of actual resources that might need to be secured, such as business objects or
HTTP request URLs.
Each secure object typically has its own interceptor package. Each package usually
includes a concrete security interceptor (which subclasses
AbstractSecurityInterceptor) and
an appropriate SecurityMetadataSource for
the type of resources the secure object represents.
-
Interface Summary Interface Description AfterInvocationManager Deprecated. Use delegation withAuthorizationManagerRunAsManager Deprecated. Authentication is now separated from authorization in Spring Security. -
Class Summary Class Description AbstractSecurityInterceptor Deprecated. UseAuthorizationFilterinstead for filter security,AuthorizationChannelInterceptorfor messaging security, orAuthorizationManagerBeforeMethodInterceptorandAuthorizationManagerAfterMethodInterceptorfor method security.AfterInvocationProviderManager Deprecated. Use delegation withAuthorizationManagerInterceptorStatusToken Deprecated. Use delegation withAuthorizationManagerMethodInvocationPrivilegeEvaluator Deprecated. UseAuthorizationManagerinsteadRunAsImplAuthenticationProvider Deprecated. Authentication is now separated from authorization in Spring Security.RunAsManagerImpl Deprecated. Authentication is now separated from authorization in Spring Security.RunAsUserToken Deprecated. Authentication is now separated from authorization in Spring Security.