Package org.springframework.security.access.intercept

package org.springframework.security.access.intercept

Abstract level security interception classes which are responsible for enforcing the configured security constraints for a secure object.

A secure object is a term frequently used throughout the security system. It does not refer to a business object that is being secured, but instead refers to some infrastructure object that can have security facilities provided for it by Spring Security. For example, one secure object would be MethodInvocation, whilst another would be HTTP org.springframework.security.web.FilterInvocation. Note these are infrastructure objects and their design allows them to represent a large variety of actual resources that might need to be secured, such as business objects or HTTP request URLs.

Each secure object typically has its own interceptor package. Each package usually includes a concrete security interceptor (which subclasses AbstractSecurityInterceptor) and an appropriate SecurityMetadataSource for the type of resources the secure object represents.

Related Packages

Package	Description
org.springframework.security.access	Core access-control related code, including security metadata related classes, interception code, access control annotations, EL support and voter-based implementations of the central AccessDecisionManager interface.
org.springframework.security.access.intercept.aopalliance	Enforces security for AOP Alliance MethodInvocations, such as via Spring AOP.
org.springframework.security.access.intercept.aspectj	Enforces security for AspectJ JointPoints, delegating secure object callbacks to the calling aspect.

Class	Description
AbstractSecurityInterceptor	Abstract class that implements security interception for secure objects.
AfterInvocationManager	Reviews the Object returned from a secure object invocation, being able to modify the Object or throw an AccessDeniedException.
AfterInvocationProviderManager	Provider-based implementation of AfterInvocationManager.
InterceptorStatusToken	A return object received by AbstractSecurityInterceptor subclasses.
MethodInvocationPrivilegeEvaluator	Allows users to determine whether they have "before invocation" privileges for a given method invocation.
RunAsImplAuthenticationProvider	An AuthenticationProvider implementation that can authenticate a RunAsUserToken.
RunAsManager	Creates a new temporary Authentication object for the current secure object invocation only.
RunAsManagerImpl	Basic concrete implementation of a RunAsManager.
RunAsUserToken	An immutable Authentication implementation that supports RunAsManagerImpl.