@Override
protected RequestCondition<?> getCustomMethodCondition(Method method) {
AccessExpressionRequestCondition condition;
RequestMappingSecurityExpressionHandler rmHandler =
new RequestMappingSecurityExpressionHandler(handler);
PreAuthorize preAuthorize = method.getAnnotation(PreAuthorize.class);
if (preAuthorize != null) {
condition = new AccessExpressionRequestCondition(preAuthorize.value(), rmHandler, true);
} else {
condition = new AccessExpressionRequestCondition(null, rmHandler, true);
}
rmHandler.setConditionId(condition.getId());
return condition;
}
@Override
protected void handleMatch(
RequestMappingInfo info, String lookupPath, HttpServletRequest request) {
super.handleMatch(info, lookupPath, request);
AccessExpressionRequestCondition c =
(AccessExpressionRequestCondition) info.getCustomCondition();
if (!c.isAuthorized(request)) {
throw new AccessDeniedException(
"Authentication does not "
+ "match access expression '"
+ c.getExpression().getExpressionString()
+ "'");
}
}
/**
* Stores the matching pattern into the request so it can be later used by the {@code
* PathVariableLookupEvaluationContext} if necessary.
*/
@Override
protected RequestMappingInfo getMatchingMapping(
RequestMappingInfo info, HttpServletRequest request) {
RequestMappingInfo matchingMapping = super.getMatchingMapping(info, request);
if (matchingMapping != null) {
Set<String> patterns = matchingMapping.getPatternsCondition().getPatterns();
if (patterns.size() != 1) {
throw new IllegalStateException(
"Expected 1 matching pattern for request: " + request.getServletPath());
}
String pattern = patterns.iterator().next();
AccessExpressionRequestCondition cond =
(AccessExpressionRequestCondition) info.getCustomCondition();
request.setAttribute(PATTERN_ATTR_PREFIX + cond.getId(), pattern);
}
return matchingMapping;
}
