Package org.springframework.security.authorization.method

Class PreAuthorizeAuthorizationManager

java.lang.Object

org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager

All Implemented Interfaces:

AuthorizationManager<org.aopalliance.intercept.MethodInvocation>, MethodAuthorizationDeniedHandler

public final class PreAuthorizeAuthorizationManager
extends Object
implements AuthorizationManager<org.aopalliance.intercept.MethodInvocation>, MethodAuthorizationDeniedHandler

An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating an expression from the PreAuthorize annotation.

Since:

5.6

Constructor Summary

Constructors

Constructor	Description
PreAuthorizeAuthorizationManager()

Method Summary

Modifier and Type	Method	Description
AuthorizationDecision	check(Supplier<Authentication> authentication, org.aopalliance.intercept.MethodInvocation mi)	Determine if an Authentication has access to a method by evaluating an expression from the PreAuthorize annotation that the MethodInvocation specifies.
Object	handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation, AuthorizationResult authorizationResult)	Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g.
void	setApplicationContext(org.springframework.context.ApplicationContext context)
void	setExpressionHandler(MethodSecurityExpressionHandler expressionHandler)	Sets the MethodSecurityExpressionHandler.
void	setTemplateDefaults(PrePostTemplateDefaults defaults)	Deprecated. Please use setTemplateDefaults(AnnotationTemplateExpressionDefaults) instead
void	setTemplateDefaults(AnnotationTemplateExpressionDefaults defaults)	Configure pre/post-authorization template resolution

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.security.authorization.AuthorizationManager

authorize, verify

Methods inherited from interface org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler

handleDeniedInvocationResult

Constructor Details

PreAuthorizeAuthorizationManager

public PreAuthorizeAuthorizationManager()

Method Details

setExpressionHandler

public void setExpressionHandler(MethodSecurityExpressionHandler expressionHandler)

Sets the MethodSecurityExpressionHandler.

Parameters:

expressionHandler - the MethodSecurityExpressionHandler to use

setTemplateDefaults

@Deprecated
public void setTemplateDefaults(PrePostTemplateDefaults defaults)

Deprecated.

Please use setTemplateDefaults(AnnotationTemplateExpressionDefaults) instead

Configure pre/post-authorization template resolution

By default, this value is null, which indicates that templates should not be resolved.

Parameters:

defaults - - whether to resolve pre/post-authorization templates parameters

Since:

6.3

setTemplateDefaults

public void setTemplateDefaults(AnnotationTemplateExpressionDefaults defaults)

Configure pre/post-authorization template resolution

By default, this value is null, which indicates that templates should not be resolved.

Parameters:

defaults - - whether to resolve pre/post-authorization templates parameters

Since:

6.4

setApplicationContext

public void setApplicationContext(org.springframework.context.ApplicationContext context)

check

public AuthorizationDecision check(Supplier<Authentication> authentication,
 org.aopalliance.intercept.MethodInvocation mi)

Determine if an Authentication has access to a method by evaluating an expression from the PreAuthorize annotation that the MethodInvocation specifies.

Specified by:

check in interface AuthorizationManager<org.aopalliance.intercept.MethodInvocation>

Parameters:

authentication - the Supplier of the Authentication to check

mi - the MethodInvocation to check

Returns:

an AuthorizationDecision or null if the PreAuthorize annotation is not present

handleDeniedInvocation

public Object handleDeniedInvocation(org.aopalliance.intercept.MethodInvocation methodInvocation,
 AuthorizationResult authorizationResult)

Description copied from interface: MethodAuthorizationDeniedHandler

Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g. a masked value.

Specified by:

handleDeniedInvocation in interface MethodAuthorizationDeniedHandler

Parameters:

methodInvocation - the MethodInvocation related to the authorization denied

authorizationResult - the authorization denied result

Returns:

a replacement result for the denied method invocation, or null, or a Mono for reactive applications