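/**
 * Decides whether the current {@link Authentication} may navigate to a Vaadin view.
 *
 * <p>The view's Spring bean is looked up by name and checked for a class-level
 * {@link PreAuthorize} annotation. The annotation's expression is then evaluated through the
 * configured {@link AccessDecisionManager} as if the view's {@code enter(ViewChangeEvent)}
 * method were being invoked.
 *
 * <p>Security-relevant behaviour a maintainer should know:
 * <ul>
 *   <li>Views without {@code @PreAuthorize} are accessible to everyone (fail-open by design).</li>
 *   <li>If no {@link AccessDecisionManager} is configured, annotated views are ALSO accessible
 *       to everyone and only a warning is logged. NOTE(review): consider denying in that case
 *       for production deployments, since a wiring mistake otherwise silently exposes views
 *       that were meant to be protected.</li>
 *   <li>The expression is evaluated with a freshly created
 *       {@link DefaultMethodSecurityExpressionHandler}, not the application's configured
 *       handler, so a custom {@code PermissionEvaluator} or {@code RoleHierarchy} registered
 *       elsewhere presumably does not apply here -- confirm before relying on
 *       {@code hasPermission(...)} or hierarchical roles in view annotations.</li>
 *   <li>The synthetic {@link MethodInvocation} is built from the class only, so it carries no
 *       target instance and no arguments; expressions referring to {@code #event} or
 *       {@code this} are not supported.</li>
 *   <li>A missing {@link Authentication} in the security context is treated as a denial.</li>
 * </ul>
 *
 * @param ui the current UI; not consulted by this implementation
 * @param beanName the Spring bean name of the view being navigated to
 * @param view the view instance (possibly an AOP proxy)
 * @return {@code true} if access is granted, {@code false} if it is denied
 */
@Override
  public boolean isAccessGranted(UI ui, String beanName, View view) {
    final PreAuthorize viewSecured =
        applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class);

    if (viewSecured == null) {
      logger.trace("No @PreAuthorize annotation found on view {}. Granting access.", beanName);
      return true;
    }

    if (!security.hasAccessDecisionManager()) {
      // Fail-open: the view is annotated but there is nothing to evaluate the expression with.
      logger.warn(
          "Found view {} annotated with @PreAuthorize but no access decision manager. Granting access.",
          beanName);
      return true;
    }

    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
      // No Authentication in the security context (e.g. the security filter chain did not run
      // for this request). Deny explicitly instead of handing a null principal to the
      // expression evaluation, which Spring Security's expression root is expected to reject
      // with an unchecked exception rather than a clean denial.
      logger.trace(
          "Access to view {} was denied because no authentication is present in the security context",
          beanName);
      return false;
    }

    // Resolve the real class behind any proxy so the enter(...) lookup sees the view itself.
    final Class<?> targetClass = AopUtils.getTargetClass(view);
    final Method enterMethod =
        ClassUtils.getMethod(
            targetClass, "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class);
    // Synthetic invocation: built from the class and method name only, no target or arguments.
    final MethodInvocation methodInvocation =
        MethodInvocationUtils.createFromClass(targetClass, enterMethod.getName());

    // Fresh default handler; see the method Javadoc for the PermissionEvaluator/RoleHierarchy
    // caveat this implies.
    final ExpressionBasedAnnotationAttributeFactory attributeFactory =
        new ExpressionBasedAnnotationAttributeFactory(
            new DefaultMethodSecurityExpressionHandler());
    // Only the authorize expression is used; there is no pre-filter target or expression.
    final Collection<ConfigAttribute> attributes =
        Collections.singleton(
            (ConfigAttribute)
                attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value()));

    final AccessDecisionManager accessDecisionManager = security.getAccessDecisionManager();
    try {
      accessDecisionManager.decide(authentication, methodInvocation, attributes);
      logger.trace("Access to view {} was granted by access decision manager", beanName);
      return true;
    } catch (InsufficientAuthenticationException e) {
      logger.trace(
          "Access to view {} was denied because of insufficient authentication credentials",
          beanName);
      return false;
    } catch (AccessDeniedException e) {
      logger.trace("Access to view {} was denied", beanName);
      return false;
    }
  }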
 /**
  * Finds an annotation of the given type on the named bean by delegating straight to the
  * wrapped {@code applicationContext}.
  *
  * @param arg0 the bean name to look up
  * @param arg1 the annotation type to search for
  * @return the annotation instance, or {@code null} when the bean does not carry it (per the
  *     contract of Spring's {@code findAnnotationOnBean})
  * @throws NoSuchBeanDefinitionException propagated from the context, presumably when no bean
  *     with that name exists
  */
 public <A extends Annotation> A findAnnotationOnBean(String arg0, Class<A> arg1)
     throws NoSuchBeanDefinitionException {
   final A found = applicationContext.findAnnotationOnBean(arg0, arg1);
   return found;
 }