/**
 * Builds the per-handler-method request condition that carries the method's
 * {@code @PreAuthorize} expression (or {@code null} when the method is not
 * annotated) so it can be evaluated as part of request mapping.
 *
 * @param method the handler method being mapped
 * @return an {@link AccessExpressionRequestCondition} for the method; never {@code null}
 */
@Override
protected RequestCondition<?> getCustomMethodCondition(Method method) {
    final RequestMappingSecurityExpressionHandler expressionHandler =
            new RequestMappingSecurityExpressionHandler(handler);
    final PreAuthorize preAuthorize = method.getAnnotation(PreAuthorize.class);
    // Unannotated methods still get a condition, just without an expression;
    // what the third constructor argument (true) controls is not visible here.
    final String expression = preAuthorize == null ? null : preAuthorize.value();
    final AccessExpressionRequestCondition condition =
            new AccessExpressionRequestCondition(expression, expressionHandler, true);
    // Link the handler back to the condition it evaluates for.
    expressionHandler.setConditionId(condition.getId());
    return condition;
}
/**
 * Decides whether the current {@link Authentication} may navigate to the given
 * view bean by evaluating the bean's {@code @PreAuthorize} expression against
 * the view's {@code enter(ViewChangeEvent)} method through the configured
 * {@link AccessDecisionManager}.
 *
 * <p>Views without {@code @PreAuthorize} are always accessible. When a view is
 * annotated but no access decision manager is configured, access is granted
 * with a warning (fail-open) rather than denied; deployments that rely on
 * {@code @PreAuthorize} on views must therefore ensure a decision manager is
 * present, and the warning in the logs is the signal that it is missing.
 *
 * @param ui       the UI performing the navigation (not used for the decision)
 * @param beanName name of the view bean in the application context
 * @param view     the view instance (possibly an AOP proxy)
 * @return {@code true} if access is granted, {@code false} if denied
 */
@Override
public boolean isAccessGranted(UI ui, String beanName, View view) {
    final PreAuthorize viewSecured =
            applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class);
    if (viewSecured == null) {
        logger.trace("No @PreAuthorize annotation found on view {}. Granting access.", beanName);
        return true;
    }
    if (!security.hasAccessDecisionManager()) {
        // NOTE(review): fail-open by design of this block — an annotated view is
        // reachable when no AccessDecisionManager is wired; the warning is the
        // only indication. Confirm this is the intended deployment behaviour.
        logger.warn(
                "Found view {} annotated with @PreAuthorize but no access decision manager. Granting access.",
                beanName);
        return true;
    }

    // Resolve the real class behind any proxy so the secured method is looked up
    // on the actual view type.
    final Class<?> targetClass = AopUtils.getTargetClass(view);
    final Method enterMethod = ClassUtils.getMethod(
            targetClass, "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class);
    final MethodInvocation invocation =
            MethodInvocationUtils.createFromClass(targetClass, enterMethod.getName());
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    final AccessDecisionManager decisionManager = security.getAccessDecisionManager();

    // The annotation's expression becomes a single pre-invocation config attribute.
    final ExpressionBasedAnnotationAttributeFactory attributeFactory =
            new ExpressionBasedAnnotationAttributeFactory(new DefaultMethodSecurityExpressionHandler());
    final ConfigAttribute attribute =
            attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value());
    final Collection<ConfigAttribute> attributes = Collections.singleton(attribute);

    try {
        decisionManager.decide(authentication, invocation, attributes);
        logger.trace("Access to view {} was granted by access decision manager", beanName);
        return true;
    } catch (InsufficientAuthenticationException e) {
        // Kept separate from AccessDeniedException so the log distinguishes
        // "not (fully) authenticated" from "authenticated but not authorised".
        logger.trace(
                "Access to view {} was denied because of insufficient authentication credentials",
                beanName);
        return false;
    } catch (AccessDeniedException e) {
        logger.trace("Access to view {} was denied", beanName);
        return false;
    }
}