Class Jsr250MethodSecurityMetadataSource

All Implemented Interfaces:
org.springframework.aop.framework.AopInfrastructureBean, MethodSecurityMetadataSource, SecurityMetadataSource

public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource
Sources method security metadata from major JSR 250 security annotations.
Since:
2.0
  • Constructor Details

    • Jsr250MethodSecurityMetadataSource

      public Jsr250MethodSecurityMetadataSource()
  • Method Details

    • setDefaultRolePrefix

      public void setDefaultRolePrefix(String defaultRolePrefix)

      Sets the default prefix to be added to RolesAllowed. For example, if @RolesAllowed("ADMIN") or @RolesAllowed("ADMIN") is used, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).

      If null or empty, then no default role prefix is used.

      Parameters:
      defaultRolePrefix - the default prefix to add to roles. Default "ROLE_".
    • findAttributes

      protected Collection<ConfigAttribute> findAttributes(Class<?> clazz)
      Description copied from class: AbstractFallbackMethodSecurityMetadataSource
      Obtains the security metadata registered against the specified class.

      Subclasses should only return metadata expressed at a class level. Subclasses should NOT aggregate metadata for each method registered against a class, as the abstract superclass will separate invoke AbstractFallbackMethodSecurityMetadataSource.findAttributes(Method, Class) for individual methods as appropriate.

      Specified by:
      findAttributes in class AbstractFallbackMethodSecurityMetadataSource
      Parameters:
      clazz - the target class for the invocation (never null)
      Returns:
      the security metadata (or null if no metadata applies)
    • findAttributes

      protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass)
      Description copied from class: AbstractFallbackMethodSecurityMetadataSource
      Obtains the security metadata applicable to the specified method invocation.

      Note that the Method.getDeclaringClass() may not equal the targetClass. Both parameters are provided to assist subclasses which may wish to provide advanced capabilities related to method metadata being "registered" against a method even if the target class does not declare the method (i.e. the subclass may only inherit the method).

      Specified by:
      findAttributes in class AbstractFallbackMethodSecurityMetadataSource
      Parameters:
      method - the method for the current invocation (never null)
      targetClass - the target class for the invocation (may be null)
      Returns:
      the security metadata (or null if no metadata applies)
    • getAllConfigAttributes

      public Collection<ConfigAttribute> getAllConfigAttributes()
      Description copied from interface: SecurityMetadataSource
      If available, returns all of the ConfigAttributes defined by the implementing class.

      This is used by the AbstractSecurityInterceptor to perform startup time validation of each ConfigAttribute configured against it.

      Returns:
      the ConfigAttributes or null if unsupported