public class

RunAsManagerImpl

extends Object
implements InitializingBean RunAsManager
java.lang.Object
   ↳ org.springframework.security.access.intercept.RunAsManagerImpl

Class Overview

Basic concrete implementation of a RunAsManager.

Is activated if any getAttribute() is prefixed with RUN_AS_. If found, it generates a new RunAsUserToken containing the same principal, credentials and granted authorities as the original Authentication object, along with SimpleGrantedAuthoritys for each RUN_AS_ indicated. The created SimpleGrantedAuthoritys will be prefixed with a special prefix indicating that it is a role (default prefix value is ROLE_), and then the remainder of the RUN_AS_ keyword. For example, RUN_AS_FOO will result in the creation of a granted authority of ROLE_RUN_AS_FOO.

The role prefix may be overridden from the default, to match that used elsewhere, for example when using an existing role database with another prefix. An empty role prefix may also be specified. Note however that there are potential issues with using an empty role prefix since different categories of ConfigAttribute can not be properly discerned based on the prefix, with possible consequences when performing voting and other actions. However, this option may be of some use when using pre-existing role names without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for example in JdbcDaoImpl.

Summary

Public Constructors
RunAsManagerImpl()
Public Methods
void afterPropertiesSet()
Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required.
String getKey()
String getRolePrefix()
void setKey(String key)
void setRolePrefix(String rolePrefix)
Allows the default role prefix of ROLE_ to be overridden.
boolean supports(Class<?> clazz)
This implementation supports any type of class, because it does not query the presented secure object.
boolean supports(ConfigAttribute attribute)
Indicates whether this RunAsManager is able to process the passed ConfigAttribute.
[Expand]
Inherited Methods
From class java.lang.Object
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.security.access.intercept.RunAsManager

Public Constructors

public RunAsManagerImpl ()

Public Methods

public void afterPropertiesSet ()

Throws
Exception

public Authentication buildRunAs (Authentication authentication, Object object, Collection<ConfigAttribute> attributes)

Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required.

Parameters
authentication the caller invoking the secure object
object the secured object being called
attributes the configuration attributes associated with the secure object being invoked
Returns
  • a replacement object to be used for duration of the secure object invocation, or null if the Authentication should be left as is

public String getKey ()

public String getRolePrefix ()

public void setKey (String key)

public void setRolePrefix (String rolePrefix)

Allows the default role prefix of ROLE_ to be overridden. May be set to an empty value, although this is usually not desirable.

Parameters
rolePrefix the new prefix

public boolean supports (Class<?> clazz)

This implementation supports any type of class, because it does not query the presented secure object.

Parameters
clazz the secure object
Returns
  • always true

public boolean supports (ConfigAttribute attribute)

Indicates whether this RunAsManager is able to process the passed ConfigAttribute.

This allows the AbstractSecurityInterceptor to check every configuration attribute can be consumed by the configured AccessDecisionManager and/or RunAsManager and/or AfterInvocationManager.

Parameters
attribute a configuration attribute that has been configured against the AbstractSecurityInterceptor
Returns
  • true if this RunAsManager can support the passed configuration attribute