@Configuration public class GlobalMethodSecurityConfiguration extends Object implements ImportAware
Configuration for enabling global method security. Classes may
extend this class to customize the defaults, but must be sure to specify the
EnableGlobalMethodSecurity annotation on the subclass.EnableGlobalMethodSecurity| Constructor and Description |
|---|
GlobalMethodSecurityConfiguration() |
@Bean public org.aopalliance.intercept.MethodInterceptor methodSecurityInterceptor() throws Exception
accessDecisionManager()afterInvocationManager()authenticationManager()methodSecurityMetadataSource()runAsManager()
Subclasses can override this method to provide a different MethodInterceptor.
Exceptionprotected AfterInvocationManager afterInvocationManager()
AfterInvocationManager for the default
implementation of methodSecurityInterceptor(). The default is
null if pre post is not enabled. Otherwise, it returns a AfterInvocationProviderManager.
Subclasses should override this method to provide a custom AfterInvocationManager
protected RunAsManager runAsManager()
RunAsManager for the default implementation of
methodSecurityInterceptor(). The default is null.protected AccessDecisionManager accessDecisionManager()
AccessDecisionManager. The default is a AffirmativeBased
with the following voters:
protected MethodSecurityExpressionHandler createExpressionHandler()
MethodSecurityExpressionHandler that is registered with
the ExpressionBasedPreInvocationAdvice. The default is
DefaultMethodSecurityExpressionHandler which optionally will
Autowire an AuthenticationTrustResolver.
Subclasses may override this method to provide a custom
MethodSecurityExpressionHandler
protected final MethodSecurityExpressionHandler getExpressionHandler()
MethodSecurityExpressionHandler or creates it using expressionHandler.null MethodSecurityExpressionHandlerprotected MethodSecurityMetadataSource customMethodSecurityMetadataSource()
MethodSecurityMetadataSource that is registered
with the methodSecurityMetadataSource(). Default is null.MethodSecurityMetadataSource that is registered
with the methodSecurityMetadataSource()protected AuthenticationManager authenticationManager() throws Exception
AuthenticationManager. The default is
to use any authentication mechanisms registered by configure(AuthenticationManagerBuilder). If
configure(AuthenticationManagerBuilder) was not overridden, then an AuthenticationManager
is attempted to be autowired by type.Exceptionprotected void configure(AuthenticationManagerBuilder auth) throws Exception
configure(AuthenticationManagerBuilder) will attempt to autowire by type.auth - the AuthenticationManagerBuilder used to register different authentication mechanisms for the
global method security.Exception@Bean public MethodSecurityMetadataSource methodSecurityMetadataSource()
MethodSecurityMetadataSource that will be
used. It creates a DelegatingMethodSecurityMetadataSource based
upon customMethodSecurityMetadataSource() and the attributes on
EnableGlobalMethodSecurity.@Bean public PreInvocationAuthorizationAdvice preInvocationAuthorizationAdvice()
PreInvocationAuthorizationAdvice to be used. The
default is ExpressionBasedPreInvocationAdvice.@Role(value=2) @Bean public MethodSecurityMetadataSourceAdvisor metaDataSourceAdvisor()
MethodSecurityMetadataSourceAdvisor to be used.public final void setImportMetadata(AnnotationMetadata importMetadata)
EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.setImportMetadata in interface ImportAware@Autowired(required=false) public void setAuthenticationTrustResolver(AuthenticationTrustResolver trustResolver)
@Autowired(required=false) public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor)
@Autowired(required=false) public void setPermissionEvaluator(List<PermissionEvaluator> permissionEvaluators)
@Autowired(required=false) public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration)