Package org.springframework.security.authorization

Class AuthorizationAdvisorProxyFactory

java.lang.Object

org.springframework.security.authorization.AuthorizationAdvisorProxyFactory

All Implemented Interfaces:

AuthorizationProxyFactory

public final class AuthorizationAdvisorProxyFactory
extends Object
implements AuthorizationProxyFactory

A proxy factory for applying authorization advice to an arbitrary object.

For example, consider a non-Spring-managed object Foo:

     class Foo {
         @PreAuthorize("hasAuthority('bar:read')")
         String bar() { ... }
     }
 

Use AuthorizationAdvisorProxyFactory to wrap the instance in Spring Security's PreAuthorize method interceptor like so:

     AuthorizationManagerBeforeMethodInterceptor preAuthorize = AuthorizationManagerBeforeMethodInterceptor.preAuthorize();
     AuthorizationProxyFactory proxyFactory = new AuthorizationProxyFactory(preAuthorize);
     Foo foo = new Foo();
     foo.bar(); // passes
     Foo securedFoo = proxyFactory.proxy(foo);
     securedFoo.bar(); // access denied!
 

Since:

6.3

Constructor Summary

Constructors

Constructor	Description
AuthorizationAdvisorProxyFactory()

Method Summary

Modifier and Type	Method	Description
Object	proxy(Object target)	Proxy an object to enforce authorization advice.
void	setAdvisors(Collection<AuthorizationAdvisor> advisors)	Add advisors that should be included to each proxy created.
void	setAdvisors(AuthorizationAdvisor... advisors)	Add advisors that should be included to each proxy created.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthorizationAdvisorProxyFactory

public AuthorizationAdvisorProxyFactory()

Method Details

proxy

public Object proxy(Object target)

Proxy an object to enforce authorization advice.

Proxies any instance of a non-final class or a class that implements more than one interface.

If target is an Iterator, Collection, Array, Map, Stream, or Optional, then the element or value type is proxied.

If target is a Class, then ProxyFactory.getProxyClass(java.lang.ClassLoader) is invoked instead.

Specified by:

proxy in interface AuthorizationProxyFactory

Parameters:

target - the instance to proxy

Returns:

the proxied instance

setAdvisors

public void setAdvisors(AuthorizationAdvisor... advisors)

Add advisors that should be included to each proxy created.

All advisors are re-sorted by their advisor order.

Parameters:

advisors - the advisors to add

setAdvisors

public void setAdvisors(Collection<AuthorizationAdvisor> advisors)

Add advisors that should be included to each proxy created.

All advisors are re-sorted by their advisor order.

Parameters:

advisors - the advisors to add