org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler Java Examples

The following examples show how to use org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: CustomRolesPrefixPostProcessor.java    From wecube-platform with Apache License 2.0 6 votes vote down vote up
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
    if(bean instanceof Jsr250MethodSecurityMetadataSource) {
        ((Jsr250MethodSecurityMetadataSource) bean).setDefaultRolePrefix(ROLE_PREFIX);
    }
    if(bean instanceof DefaultMethodSecurityExpressionHandler) {
        ((DefaultMethodSecurityExpressionHandler) bean).setDefaultRolePrefix(ROLE_PREFIX);
    }
    if(bean instanceof DefaultWebSecurityExpressionHandler) {
        ((DefaultWebSecurityExpressionHandler) bean).setDefaultRolePrefix(ROLE_PREFIX);
    }
    if(bean instanceof SecurityContextHolderAwareRequestFilter) {
        ((SecurityContextHolderAwareRequestFilter)bean).setRolePrefix(ROLE_PREFIX);
    }
    return bean;
}
 
Example #2
Source File: CustomRolesPrefixPostProcessor.java    From we-cmdb with Apache License 2.0 6 votes vote down vote up
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
    if(bean instanceof Jsr250MethodSecurityMetadataSource) {
        ((Jsr250MethodSecurityMetadataSource) bean).setDefaultRolePrefix(ROLE_PREFIX);
    }
    if(bean instanceof DefaultMethodSecurityExpressionHandler) {
        ((DefaultMethodSecurityExpressionHandler) bean).setDefaultRolePrefix(ROLE_PREFIX);
    }
    if(bean instanceof DefaultWebSecurityExpressionHandler) {
        ((DefaultWebSecurityExpressionHandler) bean).setDefaultRolePrefix(ROLE_PREFIX);
    }
    if(bean instanceof SecurityContextHolderAwareRequestFilter) {
        ((SecurityContextHolderAwareRequestFilter)bean).setRolePrefix(ROLE_PREFIX);
    }
    return bean;
}
 
Example #3
Source File: DefaultRolesPrefixPostProcessor.java    From dhis2-core with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
@Override
public Object postProcessAfterInitialization( Object bean, String beanName )
    throws BeansException
{
    if ( bean instanceof Jsr250MethodSecurityMetadataSource )
    {
        ((Jsr250MethodSecurityMetadataSource) bean).setDefaultRolePrefix( null );
    }

    if ( bean instanceof DefaultMethodSecurityExpressionHandler )
    {
        ((DefaultMethodSecurityExpressionHandler) bean).setDefaultRolePrefix( null );
    }

    if ( bean instanceof DefaultWebSecurityExpressionHandler )
    {
        ((DefaultWebSecurityExpressionHandler) bean).setDefaultRolePrefix( null );
    }

    if ( bean instanceof SecurityContextHolderAwareRequestFilter )
    {
        ((SecurityContextHolderAwareRequestFilter) bean).setRolePrefix( "" );
    }

    return bean;
}
 
Example #4
Source File: DefaultRolesPrefixPostProcessor.java    From jump-the-queue with Apache License 2.0 6 votes vote down vote up
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {

  // remove this if you are not using JSR-250
  if (bean instanceof Jsr250MethodSecurityMetadataSource) {
    ((Jsr250MethodSecurityMetadataSource) bean).setDefaultRolePrefix(this.rolePrefix);
  }

  if (bean instanceof DefaultMethodSecurityExpressionHandler) {
    ((DefaultMethodSecurityExpressionHandler) bean).setDefaultRolePrefix(this.rolePrefix);
  }
  if (bean instanceof DefaultWebSecurityExpressionHandler) {
    ((DefaultWebSecurityExpressionHandler) bean).setDefaultRolePrefix(this.rolePrefix);
  }
  if (bean instanceof SecurityContextHolderAwareRequestFilter) {
    ((SecurityContextHolderAwareRequestFilter) bean).setRolePrefix(this.rolePrefix);
  }
  return bean;
}
 
Example #5
Source File: ACLContext.java    From tutorials with MIT License 5 votes vote down vote up
@Bean
public MethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler() {
    DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
    AclPermissionEvaluator permissionEvaluator = new AclPermissionEvaluator(aclService());
    expressionHandler.setPermissionEvaluator(permissionEvaluator);
    expressionHandler.setPermissionCacheOptimizer(new AclPermissionCacheOptimizer(aclService()));
    return expressionHandler;
}
 
Example #6
Source File: PreAuthorizeSpringViewProviderAccessDelegate.java    From Vaadin4Spring-MVP-Sample-SpringSecurity with Apache License 2.0 5 votes vote down vote up
@Override
public boolean isAccessGranted(String beanName, UI ui) {
	
	final PreAuthorize viewSecured = applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class);
				
	if (viewSecured != null) {

		final Class<?> targetClass = AopUtils.getTargetClass(applicationContext.getBean(beanName));
		final Method method = ClassUtils.getMethod(AopUtils.getTargetClass(applicationContext.getBean(beanName)), "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class);								
		final MethodInvocation methodInvocation = MethodInvocationUtils.createFromClass(targetClass, method.getName());
								
		final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		final AccessDecisionManager accessDecisionManager = applicationContext.getBean(AccessDecisionManager.class);			        	        	        	       	        	       
        final ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(new DefaultMethodSecurityExpressionHandler());
        
		Collection<ConfigAttribute> atributi = new ArrayList<ConfigAttribute>();
		atributi.add(attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value()));
		
        try {
            accessDecisionManager.decide(authentication, methodInvocation, atributi);
            return true;
        } catch (AccessDeniedException | InsufficientAuthenticationException ex) {
            return false;
        }
		
	} else {
		return true;
	}
	
}
 
Example #7
Source File: MethodSecurityConfig.java    From demo-spring-security-cas with Apache License 2.0 5 votes vote down vote up
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
	DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
	// expressionHandler.setPermissionEvaluator(permissionEvaluator());
	expressionHandler.setRoleHierarchy(roleHierarchy());
	return expressionHandler;
}
 
Example #8
Source File: PlatformGlobalMethodSecurityConfiguration.java    From abixen-platform with GNU Lesser General Public License v2.1 5 votes vote down vote up
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
    DefaultMethodSecurityExpressionHandler expressionHandler =
            new DefaultMethodSecurityExpressionHandler();
    expressionHandler.setPermissionEvaluator(platformPermissionEvaluator);
    return expressionHandler;
}
 
Example #9
Source File: CustomAuthorizationConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Description("DefaultMethodSecurityExpressionHandler")
@Bean
public DefaultMethodSecurityExpressionHandler defaultExpressionHandler(EventDao eventDao){
    DefaultMethodSecurityExpressionHandler deh = new DefaultMethodSecurityExpressionHandler();
    deh.setPermissionEvaluator(
            new CalendarPermissionEvaluator(eventDao));
    return deh;
}
 
Example #10
Source File: CustomAuthorizationConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Description("DefaultMethodSecurityExpressionHandler")
@Bean
public DefaultMethodSecurityExpressionHandler defaultExpressionHandler(EventDao eventDao){
    DefaultMethodSecurityExpressionHandler deh = new DefaultMethodSecurityExpressionHandler();
    deh.setPermissionEvaluator(
            new CalendarPermissionEvaluator(eventDao));
    return deh;
}
 
Example #11
Source File: CustomAuthorizationConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Description("DefaultMethodSecurityExpressionHandler")
@Bean
public DefaultMethodSecurityExpressionHandler defaultExpressionHandler(EventDao eventDao){
    DefaultMethodSecurityExpressionHandler deh = new DefaultMethodSecurityExpressionHandler();
    deh.setPermissionEvaluator(
            new CalendarPermissionEvaluator(eventDao));
    return deh;
}
 
Example #12
Source File: AclConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Bean
public DefaultMethodSecurityExpressionHandler expressionHandler(){
    DefaultMethodSecurityExpressionHandler dmseh = new DefaultMethodSecurityExpressionHandler();

    dmseh.setPermissionEvaluator(permissionEvaluator());
    dmseh.setPermissionCacheOptimizer(permissionCacheOptimizer());
    return dmseh;
}
 
Example #13
Source File: AclConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Bean
public DefaultMethodSecurityExpressionHandler expressionHandler(){
    DefaultMethodSecurityExpressionHandler dmseh = new DefaultMethodSecurityExpressionHandler();

    dmseh.setPermissionEvaluator(permissionEvaluator());
    dmseh.setPermissionCacheOptimizer(permissionCacheOptimizer());
    return dmseh;
}
 
Example #14
Source File: AclConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Bean
public DefaultMethodSecurityExpressionHandler expressionHandler(){
    DefaultMethodSecurityExpressionHandler dmseh = new DefaultMethodSecurityExpressionHandler();

    dmseh.setPermissionEvaluator(permissionEvaluator());
    dmseh.setPermissionCacheOptimizer(permissionCacheOptimizer());
    return dmseh;
}
 
Example #15
Source File: AclConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Bean
public DefaultMethodSecurityExpressionHandler expressionHandler(){
    DefaultMethodSecurityExpressionHandler dmseh = new DefaultMethodSecurityExpressionHandler();

    dmseh.setPermissionEvaluator(permissionEvaluator());
    dmseh.setPermissionCacheOptimizer(permissionCacheOptimizer());
    return dmseh;
}
 
Example #16
Source File: AclConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Bean
public DefaultMethodSecurityExpressionHandler expressionHandler(){
    DefaultMethodSecurityExpressionHandler dmseh = new DefaultMethodSecurityExpressionHandler();

    dmseh.setPermissionEvaluator(permissionEvaluator());
    dmseh.setPermissionCacheOptimizer(permissionCacheOptimizer());
    return dmseh;
}
 
Example #17
Source File: OAuth2MethodSecurityConfiguration.java    From spring-security-oauth2-boot with Apache License 2.0 5 votes vote down vote up
private OAuth2MethodSecurityExpressionHandler getExpressionHandler(
		DefaultMethodSecurityExpressionHandler bean) {
	OAuth2MethodSecurityExpressionHandler handler = new OAuth2MethodSecurityExpressionHandler();
	handler.setApplicationContext(this.applicationContext);
	AuthenticationTrustResolver trustResolver = findInContext(AuthenticationTrustResolver.class);
	if (trustResolver != null) {
		handler.setTrustResolver(trustResolver);
	}
	handler.setExpressionParser(bean.getExpressionParser());
	return handler;
}
 
Example #18
Source File: OAuth2MethodSecurityConfiguration.java    From spring-security-oauth2-boot with Apache License 2.0 5 votes vote down vote up
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
	if (bean instanceof DefaultMethodSecurityExpressionHandler
			&& !(bean instanceof OAuth2MethodSecurityExpressionHandler)) {
		return getExpressionHandler((DefaultMethodSecurityExpressionHandler) bean);
	}
	return bean;
}
 
Example #19
Source File: MethodSecurityConfig.java    From AbacSpringSecurity with MIT License 4 votes vote down vote up
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
	DefaultMethodSecurityExpressionHandler result = new DefaultMethodSecurityExpressionHandler();
	result.setPermissionEvaluator(permissionEvaluator);
	return result;
}
 
Example #20
Source File: SecurityConfig.java    From cloudbreak with Apache License 2.0 4 votes vote down vote up
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
    DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
    expressionHandler.setPermissionEvaluator(tenantBasedPermissionEvaluator);
    return expressionHandler;
}
 
Example #21
Source File: SecurityConfig.java    From cloudbreak with Apache License 2.0 4 votes vote down vote up
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
    DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
    expressionHandler.setPermissionEvaluator(tenantBasedPermissionEvaluator);
    return expressionHandler;
}