Class AuthorizationAdvisorProxyFactory
- All Implemented Interfaces:
Iterable<AuthorizationAdvisor>
,AuthorizationProxyFactory
For example, consider a non-Spring-managed object Foo
:
class Foo { @PreAuthorize("hasAuthority('bar:read')") String bar() { ... } }Use
AuthorizationAdvisorProxyFactory
to wrap the instance in Spring Security's
PreAuthorize
method interceptor
like so:
AuthorizationProxyFactory proxyFactory = AuthorizationAdvisorProxyFactory.withDefaults(); Foo foo = new Foo(); foo.bar(); // passes Foo securedFoo = proxyFactory.proxy(foo); securedFoo.bar(); // access denied!
- Since:
- 6.3
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic interface
An interface to handle how theAuthorizationAdvisorProxyFactory
should step through the target's object hierarchy. -
Method Summary
Modifier and TypeMethodDescriptioniterator()
Proxy an object to enforce authorization advice.void
setAdvisors
(Collection<AuthorizationAdvisor> advisors) Add advisors that should be included to each proxy created.void
setAdvisors
(AuthorizationAdvisor... advisors) Add advisors that should be included to each proxy created.void
Use this visitor to navigate the proxy target's hierarchy.Construct anAuthorizationAdvisorProxyFactory
with the defaults needed for wrapping objects in Spring Security's pre-post method security support.Construct anAuthorizationAdvisorProxyFactory
with the defaults needed for wrapping objects in Spring Security's pre-post reactive method security support.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface java.lang.Iterable
forEach, spliterator
-
Method Details
-
withDefaults
Construct anAuthorizationAdvisorProxyFactory
with the defaults needed for wrapping objects in Spring Security's pre-post method security support.- Returns:
- an
AuthorizationAdvisorProxyFactory
for adding pre-post method security support
-
withReactiveDefaults
Construct anAuthorizationAdvisorProxyFactory
with the defaults needed for wrapping objects in Spring Security's pre-post reactive method security support.- Returns:
- an
AuthorizationAdvisorProxyFactory
for adding pre-post reactive method security support
-
proxy
Proxy an object to enforce authorization advice.Proxies any instance of a non-final class or a class that implements more than one interface.
If
target
is anIterator
,Collection
,Array
,Map
,Stream
, orOptional
, then the element or value type is proxied.If
target
is aClass
, thenProxyFactory.getProxyClass(java.lang.ClassLoader)
is invoked instead.- Specified by:
proxy
in interfaceAuthorizationProxyFactory
- Parameters:
target
- the instance to proxy- Returns:
- the proxied instance
-
setAdvisors
Add advisors that should be included to each proxy created.All advisors are re-sorted by their advisor order.
- Parameters:
advisors
- the advisors to add
-
setAdvisors
Add advisors that should be included to each proxy created.All advisors are re-sorted by their advisor order.
- Parameters:
advisors
- the advisors to add
-
setTargetVisitor
Use this visitor to navigate the proxy target's hierarchy.This can be helpful when you want a specialized behavior for a type or set of types. For example, if you want to have this factory skip primitives and wrappers, then you can do:
AuthorizationAdvisorProxyFactory proxyFactory = new AuthorizationAdvisorProxyFactory(); proxyFactory.setTargetVisitor(TargetVisitor.defaultsSkipValueTypes());
The default
AuthorizationAdvisorProxyFactory.TargetVisitor
proxiesClass
instances as well as instances contained in reactive types (if reactor is present), collection types, and other container types likeOptional
andSupplier
.If you want to add support for another container type, you can do so in the following way:
TargetVisitor functions = (factory, target) -> { if (target instanceof Function function) { return (input) -> factory.proxy(function.apply(input)); } return null; }; AuthorizationAdvisorProxyFactory proxyFactory = new AuthorizationAdvisorProxyFactory(); proxyFactory.setTargetVisitor(TargetVisitor.of(functions, TargetVisitor.defaultsSkipValueTypes()));
- Parameters:
visitor
- the visitor to use to introduce specialized behavior for a type- See Also:
-
iterator
- Specified by:
iterator
in interfaceIterable<AuthorizationAdvisor>
-