Class SecurityFlowExecutionListener

java.lang.Object
org.springframework.webflow.security.SecurityFlowExecutionListener
All Implemented Interfaces:
FlowExecutionListener

public class SecurityFlowExecutionListener extends Object implements FlowExecutionListener
Flow security integration with Spring Security
Author:
Scott Andrews, Rossen Stoyanchev
  • Constructor Details

    • SecurityFlowExecutionListener

      public SecurityFlowExecutionListener()
  • Method Details

    • setAuthorizationManagerInitializer

      public void setAuthorizationManagerInitializer(Function<SecurityRule,org.springframework.security.authorization.AuthorizationManager<Object>> initializer)
      Provide a function that determines the AuthorizationManager to use for a given SecurityRule.

      By default, SecurityRule.getAuthorizationManager() is used.

      Parameters:
      initializer - the function to use
      Since:
      3.0.1
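      An added example, not code from Spring Web Flow: an initializer that fails closed when a rule carries no attributes and otherwise requires full (not remember-me) authentication on top of the rule's default manager. The class name FlowSecurityConfig is hypothetical; SecurityRule.getAttributes() and the AuthorizationManager<Object> return type of SecurityRule.getAuthorizationManager() are assumptions not stated on this page.

```java
import java.util.Collection;
import java.util.function.Function;

import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.authorization.AuthorizationManagers;
import org.springframework.webflow.security.SecurityFlowExecutionListener;
import org.springframework.webflow.security.SecurityRule;

// Added example (hypothetical class), not part of Spring Web Flow.
public class FlowSecurityConfig {

    // Maps each SecurityRule to the AuthorizationManager that will decide it.
    static Function<SecurityRule, AuthorizationManager<Object>> failClosedInitializer() {
        return rule -> {
            // Assumption: getAttributes() returns the authorities named by the rule.
            Collection<String> attributes = rule.getAttributes();
            if (attributes == null || attributes.isEmpty()) {
                // A secured element with no attributes is a misconfiguration:
                // deny rather than let the flow proceed unprotected.
                return (authentication, object) -> new AuthorizationDecision(false);
            }
            // Reject anonymous and remember-me sessions before the rule's own
            // authority check (the default manager named in the documentation).
            AuthorizationManager<Object> fullyAuthenticated =
                    AuthenticatedAuthorizationManager.fullyAuthenticated();
            return AuthorizationManagers.allOf(fullyAuthenticated, rule.getAuthorizationManager());
        };
    }

    // Builds the listener; register it with the flow executor as usual.
    public static SecurityFlowExecutionListener securityFlowExecutionListener() {
        SecurityFlowExecutionListener listener = new SecurityFlowExecutionListener();
        listener.setAuthorizationManagerInitializer(failClosedInitializer());
        return listener;
    }
}
```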
    • getAccessDecisionManager

      @Deprecated(since="3.0.1", forRemoval=true) public org.springframework.security.access.AccessDecisionManager getAccessDecisionManager()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use an AuthorizationManager instead, configured through setAuthorizationManagerInitializer(Function).
      Get the access decision manager that makes flow authorization decisions.
      Returns:
      the decision manager
    • setAccessDecisionManager

      @Deprecated(since="3.0.1", forRemoval=true) public void setAccessDecisionManager(org.springframework.security.access.AccessDecisionManager accessDecisionManager)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use an AuthorizationManager instead, configured through setAuthorizationManagerInitializer(Function).
      Set the access decision manager that makes flow authorization decisions.
      Parameters:
      accessDecisionManager - the decision manager to use
    • sessionCreating

      public void sessionCreating(RequestContext context, FlowDefinition definition)
      Description copied from interface: FlowExecutionListener
      Called to indicate a new flow definition session is about to be created. Called before the session is created. An exception may be thrown from this method to veto the start operation. Any type of runtime exception can be used for this purpose.
      Specified by:
      sessionCreating in interface FlowExecutionListener
      Parameters:
      context - the current flow request context
      definition - the flow for which a new session is starting
    • stateEntering

      public void stateEntering(RequestContext context, StateDefinition state) throws EnterStateVetoException
      Description copied from interface: FlowExecutionListener
      Called when a state transitions, after the transition is matched but before the transition occurs.
      Specified by:
      stateEntering in interface FlowExecutionListener
      Parameters:
      context - the current flow request context
      state - the proposed state to transition to
      Throws:
      EnterStateVetoException - when entering the state is not allowed
    • transitionExecuting

      public void transitionExecuting(RequestContext context, TransitionDefinition transition)
      Description copied from interface: FlowExecutionListener
      Called when a transition is matched but before the transition occurs.
      Specified by:
      transitionExecuting in interface FlowExecutionListener
      Parameters:
      context - the current flow request context
      transition - the proposed transition
    • decide

      protected void decide(SecurityRule rule, Object object)
      Performs a Spring Security authorization decision. The decision uses the provided AccessDecisionManager. If no AccessDecisionManager is provided, a role-based manager is selected according to the comparison type of the rule.
      Parameters:
      rule - the rule to base the decision on
      object - the execution listener phase
    • createAccessDecisionManager

      @Deprecated(since="3.0.1", forRemoval=true) protected org.springframework.security.access.AccessDecisionManager createAccessDecisionManager(SecurityRule rule)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use an AuthorizationManager instead, configured through setAuthorizationManagerInitializer(Function).
      Return an AccessDecisionManager for the SecurityRule.

      By default, returns null, in which case an AuthorizationManager is used instead of an AccessDecisionManager.

      Parameters:
      rule - the rule to check
      Returns:
      the manager to use, or null
    • getConfigAttributes

      @Deprecated(since="3.0.1", forRemoval=true) protected Collection<org.springframework.security.access.ConfigAttribute> getConfigAttributes(SecurityRule rule)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use an AuthorizationManager instead, configured through setAuthorizationManagerInitializer(Function).
      Convert a SecurityRule into a form understood by Spring Security.
      Parameters:
      rule - the rule to convert
      Returns:
      list of ConfigAttributes for Spring Security