java.lang.Object | |
↳ | org.springframework.security.access.intercept.RunAsManagerImpl |
Basic concrete implementation of a RunAsManager
.
Is activated if any getAttribute()
is prefixed with RUN_AS_
.
If found, it generates a new RunAsUserToken
containing the same principal, credentials and granted
authorities as the original Authentication
object, along with SimpleGrantedAuthority
s for each
RUN_AS_
indicated. The created SimpleGrantedAuthority
s will be prefixed with a special
prefix indicating that it is a role (default prefix value is ROLE_
), and then the remainder of the
RUN_AS_
keyword. For example, RUN_AS_FOO
will result in the creation of a granted
authority of ROLE_RUN_AS_FOO
.
The role prefix may be overridden from the default, to match that used elsewhere, for example when using an
existing role database with another prefix. An empty role prefix may also be specified. Note however that there are
potential issues with using an empty role prefix since different categories of ConfigAttribute
can not be
properly discerned based on the prefix, with possible consequences when performing voting and other actions.
However, this option may be of some use when using pre-existing role names without a prefix, and no ability exists to
prefix them with a role prefix on reading them in, such as provided for example in
JdbcDaoImpl
.
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Returns a replacement
Authentication object for the current secure object invocation, or
null if replacement not required. | |||||||||||
Allows the default role prefix of
ROLE_ to be overridden. | |||||||||||
This implementation supports any type of class, because it does not query the presented secure object.
| |||||||||||
Indicates whether this
RunAsManager is able to process the passed
ConfigAttribute . |
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
From interface
org.springframework.beans.factory.InitializingBean
| |||||||||||
From interface
org.springframework.security.access.intercept.RunAsManager
|
Returns a replacement Authentication
object for the current secure object invocation, or
null
if replacement not required.
authentication | the caller invoking the secure object |
---|---|
object | the secured object being called |
attributes | the configuration attributes associated with the secure object being invoked |
null
if
the Authentication
should be left as is
Allows the default role prefix of ROLE_
to be overridden. May be set to an empty value,
although this is usually not desirable.
rolePrefix | the new prefix |
---|
This implementation supports any type of class, because it does not query the presented secure object.
clazz | the secure object |
---|
true
Indicates whether this RunAsManager
is able to process the passed
ConfigAttribute
.
This allows the AbstractSecurityInterceptor
to check every
configuration attribute can be consumed by the configured AccessDecisionManager
and/or
RunAsManager
and/or AfterInvocationManager
.
attribute | a configuration attribute that has been configured against the
AbstractSecurityInterceptor |
---|
true
if this RunAsManager
can support the passed configuration attribute