Class RunAsManagerImpl
- All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean
,RunAsManager
RunAsManager
.
Is activated if any ConfigAttribute.getAttribute()
is prefixed with
RUN_AS_
. If found, it generates a new RunAsUserToken
containing
the same principal, credentials and granted authorities as the original
Authentication
object, along with SimpleGrantedAuthority
s for each
RUN_AS_
indicated. The created SimpleGrantedAuthority
s will
be prefixed with a special prefix indicating that it is a role (default prefix value is
ROLE_
), and then the remainder of the RUN_AS_
keyword. For
example, RUN_AS_FOO
will result in the creation of a granted authority of
ROLE_RUN_AS_FOO
.
The role prefix may be overridden from the default, to match that used elsewhere, for
example when using an existing role database with another prefix. An empty role prefix
may also be specified. Note however that there are potential issues with using an empty
role prefix since different categories of ConfigAttribute
can not be properly
discerned based on the prefix, with possible consequences when performing voting and
other actions. However, this option may be of some use when using pre-existing role
names without a prefix, and no ability exists to prefix them with a role prefix on
reading them in, such as provided for example in
JdbcDaoImpl
.
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
buildRunAs
(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) Returns a replacementAuthentication
object for the current secure object invocation, ornull
if replacement not required.getKey()
void
void
setRolePrefix
(String rolePrefix) Allows the default role prefix ofROLE_
to be overridden.boolean
This implementation supports any type of class, because it does not query the presented secure object.boolean
supports
(ConfigAttribute attribute) Indicates whether thisRunAsManager
is able to process the passedConfigAttribute
.
-
Constructor Details
-
RunAsManagerImpl
public RunAsManagerImpl()
-
-
Method Details
-
afterPropertiesSet
public void afterPropertiesSet()- Specified by:
afterPropertiesSet
in interfaceorg.springframework.beans.factory.InitializingBean
-
buildRunAs
public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) Description copied from interface:RunAsManager
Returns a replacementAuthentication
object for the current secure object invocation, ornull
if replacement not required.- Specified by:
buildRunAs
in interfaceRunAsManager
- Parameters:
authentication
- the caller invoking the secure objectobject
- the secured object being calledattributes
- the configuration attributes associated with the secure object being invoked- Returns:
- a replacement object to be used for duration of the secure object
invocation, or
null
if theAuthentication
should be left as is
-
getKey
-
getRolePrefix
-
setKey
-
setRolePrefix
Allows the default role prefix ofROLE_
to be overridden. May be set to an empty value, although this is usually not desirable.- Parameters:
rolePrefix
- the new prefix
-
supports
Description copied from interface:RunAsManager
Indicates whether thisRunAsManager
is able to process the passedConfigAttribute
.This allows the
AbstractSecurityInterceptor
to check every configuration attribute can be consumed by the configuredAccessDecisionManager
and/orRunAsManager
and/orAfterInvocationManager
.- Specified by:
supports
in interfaceRunAsManager
- Parameters:
attribute
- a configuration attribute that has been configured against theAbstractSecurityInterceptor
- Returns:
true
if thisRunAsManager
can support the passed configuration attribute
-
supports
This implementation supports any type of class, because it does not query the presented secure object.- Specified by:
supports
in interfaceRunAsManager
- Parameters:
clazz
- the secure object- Returns:
- always
true
-