This interface permits implementations to replace the Authentication object that applies to the current secure object invocation only. The {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor} will replace the Authentication object held in the {@link org.springframework.security.core.context.SecurityContext SecurityContext} for the duration of the secure object callback only, returning it to the original Authentication object when the callback ends.

This is provided so that systems with two layers of objects can be established. One layer is public facing and has normal secure methods, with the granted authorities expected to be held by external callers. The other layer is private and is only expected to be called by objects within the public facing layer. The objects in this private layer still need security (otherwise they would be public methods), and they need it in a manner that prevents them from being called directly by external callers. The objects in the private layer would therefore be configured to require granted authorities that are never granted to external callers. The RunAsManager interface provides the mechanism to elevate security in this manner: the public-facing method's configuration attributes tell the RunAsManager which extra authorities to add for the duration of that one invocation.

It is expected that implementations will provide a corresponding concrete Authentication and AuthenticationProvider so that the replacement Authentication object can be authenticated. Some form of security will need to be implemented to ensure the AuthenticationProvider only accepts Authentication objects created by an authorized concrete implementation of RunAsManager; otherwise any code able to construct the replacement token type could mint itself the private-layer authorities.
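The two-layer arrangement described above, as an added example that is not part of this Javadoc or of the Spring Security project. It uses the framework's own RunAsManagerImpl, RunAsImplAuthenticationProvider and RunAsUserToken (the key-based implementation of the pattern shipped with Spring Security 5.x; the GlobalMethodSecurityConfiguration base class is deprecated in 6.x). The service classes, the RUN_AS_SERVER attribute name, the RUN_AS_KEY environment variable and the in-memory user are assumptions made for illustration. The shared key is what ties the two halves together: RunAsManagerImpl embeds a hash of it in every RunAsUserToken it builds, and RunAsImplAuthenticationProvider rejects any token whose key hash does not match, so a token built elsewhere is not accepted.

```java
import java.util.List;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.intercept.RunAsImplAuthenticationProvider;
import org.springframework.security.access.intercept.RunAsManager;
import org.springframework.security.access.intercept.RunAsManagerImpl;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.stereotype.Service;

/**
 * Public layer (hypothetical service). External callers need ROLE_USER.
 * The RUN_AS_SERVER attribute is not an authority the caller must hold: it is
 * consumed by RunAsManagerImpl, which adds ROLE_RUN_AS_SERVER (role prefix +
 * attribute) to a temporary RunAsUserToken for the duration of this call only.
 */
@Service
class OrderFacade {
    private final OrderRepositoryService repo;

    OrderFacade(OrderRepositoryService repo) {
        this.repo = repo;
    }

    @Secured({"ROLE_USER", "RUN_AS_SERVER"})
    public List<String> listOrders(String customerId) {
        // Inside this method the SecurityContext holds the run-as token,
        // so the private-layer call below passes its own @Secured check.
        return repo.findOrders(customerId);
    }
}

/**
 * Private layer (hypothetical service). Requires an authority that no real
 * user is ever granted, so calling it directly with a user's own
 * Authentication fails with AccessDeniedException.
 */
@Service
class OrderRepositoryService {
    @Secured("ROLE_RUN_AS_SERVER")
    public List<String> findOrders(String customerId) {
        return List.of("order-1-" + customerId); // constructed sample data
    }
}

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
class RunAsSecurityConfig extends GlobalMethodSecurityConfiguration {

    // Assumed to be supplied by the deployment environment; it must be a
    // secret, since anyone who knows it can forge an acceptable RunAsUserToken.
    private static final String RUN_AS_KEY = System.getenv("RUN_AS_KEY");

    @Override
    protected RunAsManager runAsManager() {
        RunAsManagerImpl manager = new RunAsManagerImpl();
        manager.setKey(RUN_AS_KEY);          // hash of this key is stamped into each token
        manager.setRolePrefix("ROLE_");      // RUN_AS_SERVER -> ROLE_RUN_AS_SERVER (the default prefix)
        return manager;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Provider that authenticates the replacement Authentication: it only
        // accepts RunAsUserToken instances carrying a matching key hash.
        RunAsImplAuthenticationProvider runAsProvider = new RunAsImplAuthenticationProvider();
        runAsProvider.setKey(RUN_AS_KEY);
        auth.authenticationProvider(runAsProvider);

        // Ordinary caller for the public layer (assumed in-memory user). Note
        // that it is never granted ROLE_RUN_AS_SERVER.
        auth.inMemoryAuthentication()
            .withUser("alice").password("{noop}secret").roles("USER");
    }
}
```

Two practical checks follow from this setup. First, a direct call to OrderRepositoryService.findOrders from a request thread authenticated as alice must be denied; if it succeeds, the private layer is effectively public. Second, the RunAsManager key and the provider key must be the same value and must not be checked into source, because the key is the only thing distinguishing a token built by the authorized RunAsManager from one built by arbitrary code. The provider is exercised when the interceptor re-authenticates the token (for example with alwaysReauthenticate enabled on the security interceptor); RunAsUserToken is marked authenticated when constructed, so in the default configuration the key check is the safeguard that matters when a token is presented for re-authentication.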