Class PrePostAnnotationSecurityMetadataSource
java.lang.Object
org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
- All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean
,MethodSecurityMetadataSource
,SecurityMetadataSource
MethodSecurityMetadataSource which extracts metadata from the @PreFilter
and @PreAuthorize annotations placed on a method. This class is merely responsible for
locating the relevant annotations (if any). It delegates the actual
ConfigAttribute creation to its
PrePostInvocationAttributeFactory
,
thus decoupling itself from the mechanism which will enforce the annotations'
behaviour.
Annotations may be specified on classes or methods, and method-specific annotations will take precedence. If you use any annotation and do not specify a pre-authorization condition, then the method will be allowed as if a @PreAuthorize("permitAll") were present.
Since we are handling multiple annotations here, it's possible that we may have to combine annotations defined in multiple locations for a single method - they may be defined on the method itself, or at interface or class level.
- Since:
- 3.0
- See Also:
-
Field Summary
Fields inherited from class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
logger
-
Constructor Summary
ConstructorDescriptionPrePostAnnotationSecurityMetadataSource
(PrePostInvocationAttributeFactory attributeFactory) -
Method Summary
Modifier and TypeMethodDescriptionIf available, returns all of theConfigAttribute
s defined by the implementing class.getAttributes
(Method method, Class<?> targetClass) Methods inherited from class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
getAttributes, supports
-
Constructor Details
-
PrePostAnnotationSecurityMetadataSource
-
-
Method Details
-
getAttributes
-
getAllConfigAttributes
Description copied from interface:SecurityMetadataSource
If available, returns all of theConfigAttribute
s defined by the implementing class.This is used by the
AbstractSecurityInterceptor
to perform startup time validation of eachConfigAttribute
configured against it.- Returns:
- the
ConfigAttribute
s ornull
if unsupported
-