Java PreAuthorize Examples

Programming Language: Java

Namespace/Package Name: org.springframework.security.access.prepost

Class/Type: PreAuthorize

Examples at hotexamples.com: 2

Java PreAuthorize - 2 examples found. These are the top rated real world Java examples of org.springframework.security.access.prepost.PreAuthorize extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

value(2)

Example #1

Show file

File: ExtendedRequestMappingHanderMapping.java Project: saden1/spring-security-request-mapping

 @Override
 protected RequestCondition<?> getCustomMethodCondition(Method method) {
   AccessExpressionRequestCondition condition;
   RequestMappingSecurityExpressionHandler rmHandler =
       new RequestMappingSecurityExpressionHandler(handler);
   PreAuthorize preAuthorize = method.getAnnotation(PreAuthorize.class);
   if (preAuthorize != null) {
     condition = new AccessExpressionRequestCondition(preAuthorize.value(), rmHandler, true);
   } else {
     condition = new AccessExpressionRequestCondition(null, rmHandler, true);
   }
   rmHandler.setConditionId(condition.getId());
   return condition;
 }

Example #2

Show file

File: PreAuthorizeViewInstanceAccessControl.java Project: berndhopp/vaadin4spring

  @Override
  public boolean isAccessGranted(UI ui, String beanName, View view) {
    final PreAuthorize viewSecured =
        applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class);

    if (viewSecured == null) {
      logger.trace("No @PreAuthorize annotation found on view {}. Granting access.", beanName);
      return true;
    } else if (security.hasAccessDecisionManager()) {
      final Class<?> targetClass = AopUtils.getTargetClass(view);
      final Method method =
          ClassUtils.getMethod(
              targetClass, "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class);
      final MethodInvocation methodInvocation =
          MethodInvocationUtils.createFromClass(targetClass, method.getName());

      final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
      final AccessDecisionManager accessDecisionManager = security.getAccessDecisionManager();
      final ExpressionBasedAnnotationAttributeFactory attributeFactory =
          new ExpressionBasedAnnotationAttributeFactory(
              new DefaultMethodSecurityExpressionHandler());

      final Collection<ConfigAttribute> attributes =
          Collections.singleton(
              (ConfigAttribute)
                  attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value()));

      try {
        accessDecisionManager.decide(authentication, methodInvocation, attributes);
        logger.trace("Access to view {} was granted by access decision manager", beanName);
        return true;
      } catch (InsufficientAuthenticationException e) {
        logger.trace(
            "Access to view {} was denied because of insufficient authentication credentials",
            beanName);
        return false;
      } catch (AccessDeniedException e) {
        logger.trace("Access to view {} was denied", beanName);
        return false;
      }
    } else {
      logger.warn(
          "Found view {} annotated with @PreAuthorize but no access decision manager. Granting access.",
          beanName);
      return true;
    }
  }