A secure object is a term frequently used throughout the security
system. It does not refer to a business object that is being
secured, but instead refers to some infrastructure object that can have
security facilities provided for it by Spring Security.
For example, one secure object would be MethodInvocation,
whilst another would be HTTP
FilterInvocation. Note these are
infrastructure objects and their design allows them to represent a large
variety of actual resources that might need to be secured, such as business
objects or HTTP request URLs.
Each secure object typically has its own interceptor package.
Each package usually includes a concrete security interceptor (which subclasses
AbstractSecurityInterceptor) and an
appropriate SecurityMetadataSource
for the type of resources the secure object represents.
| AfterInvocationManager | Reviews the Object returned from a secure object invocation,
being able to modify the Object or throw an AccessDeniedException. |
| RunAsManager | Creates a new temporary Authentication object for the current secure
object invocation only. |
| AbstractSecurityInterceptor | Abstract class that implements security interception for secure objects. |
| AfterInvocationProviderManager | Provider-based implementation of AfterInvocationManager. |
| InterceptorStatusToken | A return object received by AbstractSecurityInterceptor subclasses. |
| MethodInvocationPrivilegeEvaluator | Allows users to determine whether they have "before invocation" privileges for a given method invocation. |
| RunAsImplAuthenticationProvider | An AuthenticationProvider implementation that can authenticate a RunAsUserToken. |
| RunAsManagerImpl | Basic concrete implementation of a RunAsManager. |
| RunAsUserToken | An immutable Authentication implementation that supports RunAsManagerImpl. |