Examples of org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource

• org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
  MethodSecurityMetadataSource which extracts metadata from the @PreFilter and @PreAuthorize annotations placed on a method. This class is merely responsible for locating the relevant annotations (if any). It delegates the actual ConfigAttribute creation to its {@link PrePostInvocationAttributeFactory}, thus decoupling itself from the mechanism which will enforce the annotations' behaviour.

  Annotations may be specified on classes or methods, and method-specific annotations will take precedence. If you use any annotation and do not specify a pre-authorization condition, then the method will be allowed as if a @PreAuthorize("permitAll") were present.

  Since we are handling multiple annotations here, it's possible that we may have to combine annotations defined in multiple locations for a single method - they may be defined on the method itself, or at interface or class level. @see PreInvocationAuthorizationAdviceVoter @author Luke Taylor @since 3.0

        MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
        if (customMethodSecurityMetadataSource != null) {
            sources.add(customMethodSecurityMetadataSource);
        }
        if (prePostEnabled()) {
            sources.add(new PrePostAnnotationSecurityMetadataSource(
                    attributeFactory));
        }
        if (securedEnabled()) {
            sources.add(new SecuredAnnotationSecurityMetadataSource());
        }

        assertTrue(objects.contains("aubergine"));
    }

    private void configureForElAnnotations() {
        DefaultMethodSecurityExpressionHandler eh = new DefaultMethodSecurityExpressionHandler();
        interceptor.setSecurityMetadataSource(new PrePostAnnotationSecurityMetadataSource(
                new ExpressionBasedAnnotationAttributeFactory(eh)));
        interceptor.setAccessDecisionManager(adm);
        AfterInvocationProviderManager aim = new AfterInvocationProviderManager();
        aim.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(eh))));
        interceptor.setAfterInvocationManager(aim);

        MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
        if (customMethodSecurityMetadataSource != null) {
            sources.add(customMethodSecurityMetadataSource);
        }
        if (prePostEnabled()) {
            sources.add(new PrePostAnnotationSecurityMetadataSource(
                    attributeFactory));
        }
        if (securedEnabled()) {
            sources.add(new SecuredAnnotationSecurityMetadataSource());
        }