String preAuthorizeAttribute = preAuthorize == null ? null : preAuthorize.value(); String postFilterAttribute = postFilter == null ? null : postFilter.value(); String postAuthorizeAttribute = postAuthorize == null ? null : postAuthorize
String preAuthorizeAttribute = preAuthorize == null ? null : preAuthorize.value(); String postFilterAttribute = postFilter == null ? null : postFilter.value(); String postAuthorizeAttribute = postAuthorize == null ? null : postAuthorize
/**
 * Collects the permissions referenced by the {@code @PreAuthorize} and
 * {@code @PostAuthorize} expressions of one method and registers them.
 *
 * <p>Only these two method-level annotations are inspected here; any other
 * security annotation on the method contributes nothing to the collected list.
 *
 * @param method the method handed in by the enclosing callback
 * @throws IllegalAccessException declared by the callback contract
 */
@Override
public void doWith(Method method) throws IllegalAccessException {
    // Look the method up again on getTargetClass(bean), by name and parameter types,
    // so the annotations are read from that class rather than from `method` itself.
    // NOTE(review): presumably this unwraps an AOP proxy; confirm against the helpers.
    Method targetMethod =
            findMethod(getTargetClass(bean), method.getName(), method.getParameterTypes());
    if (targetMethod == null) {
        // No matching method on the target class: nothing to collect.
        return;
    }

    PreAuthorize preAuthorize = findAnnotation(targetMethod, PreAuthorize.class);
    PostAuthorize postAuthorize = findAnnotation(targetMethod, PostAuthorize.class);

    // At most two expression strings: one per annotation that is present.
    List<String> expressionTexts = new ArrayList<>(2);
    if (preAuthorize != null) {
        expressionTexts.add(preAuthorize.value());
    }
    if (postAuthorize != null) {
        expressionTexts.add(postAuthorize.value());
    }

    // Parse each expression and walk its AST for permission references.
    List<String> collectedPermissions = new ArrayList<>();
    for (String expressionText : expressionTexts) {
        SpelExpression parsed = (SpelExpression) annotationParser.parseExpression(expressionText);
        collectedPermissions.addAll(findPermissions(parsed.getAST()));
    }
    addRoleAndPermissions(collectedPermissions);
}
}); // closes the enclosing anonymous callback and call, whose opening is outside this excerpt
// Build the single pre-invocation attribute that carries the @PreAuthorize expression
// taken from viewSecured.value(); the pre-filter arguments are passed as null.
// NOTE(review): a fresh DefaultMethodSecurityExpressionHandler is created here rather
// than reusing one configured elsewhere; confirm this is intended.
final ExpressionBasedAnnotationAttributeFactory attributeFactory =
        new ExpressionBasedAnnotationAttributeFactory(new DefaultMethodSecurityExpressionHandler());
final ConfigAttribute preInvocationAttribute =
        attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value());
final Collection<ConfigAttribute> attributes = Collections.singleton(preInvocationAttribute);
// Extract the expression string of each security annotation.
// An attribute stays null when its annotation is absent.
String preAuthorizeAttribute = (preAuthorize != null) ? preAuthorize.value() : null;
String postFilterAttribute = (postFilter != null) ? postFilter.value() : null;
String postAuthorizeAttribute = (postAuthorize != null) ? postAuthorize.value() : null;
// Build the single pre-invocation attribute that carries the @PreAuthorize expression
// taken from viewSecured.value(); the pre-filter arguments are passed as null.
// NOTE(review): a fresh DefaultMethodSecurityExpressionHandler is created here rather
// than reusing one configured elsewhere; confirm this is intended.
final ExpressionBasedAnnotationAttributeFactory attributeFactory =
        new ExpressionBasedAnnotationAttributeFactory(new DefaultMethodSecurityExpressionHandler());
final ConfigAttribute preInvocationAttribute =
        attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value());
final Collection<ConfigAttribute> attributes = Collections.singleton(preInvocationAttribute);
String preAuthorizeAttribute = preAuthorize == null ? null : preAuthorize.value(); String postFilterAttribute = postFilter == null ? null : postFilter.value(); String postAuthorizeAttribute = postAuthorize == null ? null : postAuthorize
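/**
 * Decides whether the current user may access the view bean {@code beanName},
 * based on a {@code @PreAuthorize} annotation found on that bean.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>no {@code @PreAuthorize} on the bean: access is granted;</li>
 *   <li>annotation present but no access decision manager available: access is
 *       granted (fail-open, see the review note in the body);</li>
 *   <li>annotation present, manager available, no {@link Authentication} in the
 *       security context: access is denied;</li>
 *   <li>otherwise the expression is handed to the access decision manager; an
 *       {@link InsufficientAuthenticationException} or {@link AccessDeniedException}
 *       means denied, a normal return means granted.</li>
 * </ul>
 *
 * @param beanName name of the view bean to check
 * @param ui       the UI the view belongs to (not used by this check)
 * @return {@code true} if access is granted, {@code false} otherwise
 */
@Override
public boolean isAccessGranted(String beanName, UI ui) {
    final PreAuthorize viewSecured =
            applicationContext.findAnnotationOnBean(beanName, PreAuthorize.class);
    if (viewSecured == null) {
        // The view carries no @PreAuthorize: this delegate has nothing to enforce.
        return true;
    }

    if (!security.hasAccessDecisionManager()) {
        // NOTE(review): fail-open. The view is explicitly annotated with @PreAuthorize,
        // but the expression cannot be evaluated, and access is granted anyway.
        // A missing manager therefore silently disables the check for every secured
        // view. Behaviour kept as written; consider returning false (fail closed)
        // or at least logging a warning here.
        return true; // Access decision manager required for @PreAuthorize()
    }

    // Resolve the target class once and reuse it: the original looked the bean up
    // twice, which costs a second lookup (and, depending on the bean's scope,
    // possibly a second instance).
    final Class<?> targetClass = AopUtils.getTargetClass(applicationContext.getBean(beanName));
    final Method method = ClassUtils.getMethod(
            targetClass, "enter", com.vaadin.navigator.ViewChangeListener.ViewChangeEvent.class);
    final MethodInvocation methodInvocation =
            MethodInvocationUtils.createFromClass(targetClass, method.getName());

    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        // No authentication in the security context: deny instead of handing null to
        // the decision manager, whose reaction to null is implementation-specific.
        return false;
    }

    final AccessDecisionManager accessDecisionManager = security.getAccessDecisionManager();
    final ExpressionBasedAnnotationAttributeFactory attributeFactory =
            new ExpressionBasedAnnotationAttributeFactory(new DefaultMethodSecurityExpressionHandler());
    final Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
    attributes.add(attributeFactory.createPreInvocationAttribute(null, null, viewSecured.value()));

    try {
        // decide() signals denial by throwing; returning normally means "granted".
        accessDecisionManager.decide(authentication, methodInvocation, attributes);
        return true;
    } catch (InsufficientAuthenticationException e) {
        return false;
    } catch (AccessDeniedException e) {
        return false;
    }
}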