Package org.springframework.security.messaging.access.expression

Class ExpressionBasedMessageSecurityMetadataSourceFactory

java.lang.Object
org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
@Deprecated public final class ExpressionBasedMessageSecurityMetadataSourceFactory extends Object
Deprecated.
Use MessageMatcherDelegatingAuthorizationManager instead
A class used to create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions.
Since:
4.0

  • Method Details

    • createExpressionMessageMetadataSource

      public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>,String> matcherToExpression)
      Deprecated.
      Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions. Each entry is considered in order and only the first match is used. For example: 
           LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>,String>();
     matcherToExpression.put(new SimDestinationMessageMatcher("/public/**"), "permitAll");
     matcherToExpression.put(new SimDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')");
     matcherToExpression.put(new SimDestinationMessageMatcher("/topics/{name}/**"), "@someBean.customLogic(authentication, #name)");
     matcherToExpression.put(new SimDestinationMessageMatcher("/**"), "authenticated");

     MessageSecurityMetadataSource metadataSource = createExpressionMessageMetadataSource(matcherToExpression);

      If our destination is "/public/hello", it would match on "/public/**" and on "/**". However, only "/public/**" would be used since it is the first entry. That means that a destination of "/public/hello" will be mapped to "permitAll".

      For a complete listing of expressions see MessageSecurityExpressionRoot

      Parameters:
      matcherToExpression - an ordered mapping of MessageMatcher to Strings that are turned into an Expression using AbstractSecurityExpressionHandler.getExpressionParser()
      Returns:
      the MessageSecurityMetadataSource to use. Cannot be null.

    • createExpressionMessageMetadataSource

      public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>,String> matcherToExpression, SecurityExpressionHandler<org.springframework.messaging.Message<Object>> handler)
      Deprecated.
      Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions. Each entry is considered in order and only the first match is used. For example: 
           LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>,String>();
     matcherToExpression.put(new SimDestinationMessageMatcher("/public/**"), "permitAll");
     matcherToExpression.put(new SimDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')");
     matcherToExpression.put(new SimDestinationMessageMatcher("/topics/{name}/**"), "@someBean.customLogic(authentication, #name)");
     matcherToExpression.put(new SimDestinationMessageMatcher("/**"), "authenticated");

     MessageSecurityMetadataSource metadataSource = createExpressionMessageMetadataSource(matcherToExpression);

      If our destination is "/public/hello", it would match on "/public/**" and on "/**". However, only "/public/**" would be used since it is the first entry. That means that a destination of "/public/hello" will be mapped to "permitAll".

      For a complete listing of expressions see MessageSecurityExpressionRoot

      Parameters:
      matcherToExpression - an ordered mapping of MessageMatcher to Strings that are turned into an Expression using AbstractSecurityExpressionHandler.getExpressionParser()
      handler - the SecurityExpressionHandler to use
      Returns:
      the MessageSecurityMetadataSource to use. Cannot be null.