@Override
public boolean isAccessGranted(UI ui, String beanName, View view) {
final PreAuthorize viewSecured =
applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class);
if (viewSecured == null) {
logger.trace("No @PreAuthorize annotation found on view {}. Granting access.", beanName);
return true;
} else if (security.hasAccessDecisionManager()) {
final Class<?> targetClass = AopUtils.getTargetClass(view);
final Method method =
ClassUtils.getMethod(
targetClass, "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class);
final MethodInvocation methodInvocation =
MethodInvocationUtils.createFromClass(targetClass, method.getName());
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
final AccessDecisionManager accessDecisionManager = security.getAccessDecisionManager();
final ExpressionBasedAnnotationAttributeFactory attributeFactory =
new ExpressionBasedAnnotationAttributeFactory(
new DefaultMethodSecurityExpressionHandler());
final Collection<ConfigAttribute> attributes =
Collections.singleton(
(ConfigAttribute)
attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value()));
try {
accessDecisionManager.decide(authentication, methodInvocation, attributes);
logger.trace("Access to view {} was granted by access decision manager", beanName);
return true;
} catch (InsufficientAuthenticationException e) {
logger.trace(
"Access to view {} was denied because of insufficient authentication credentials",
beanName);
return false;
} catch (AccessDeniedException e) {
logger.trace("Access to view {} was denied", beanName);
return false;
}
} else {
logger.warn(
"Found view {} annotated with @PreAuthorize but no access decision manager. Granting access.",
beanName);
return true;
}
}
public <A extends Annotation> A findAnnotationOnBean(String arg0, Class<A> arg1)
throws NoSuchBeanDefinitionException {
return applicationContext.findAnnotationOnBean(arg0, arg1);
}