Moved all security code other than ChannelSecurityInterceptor (including endpoint interceptor and securityContext propagation) to the sandbox prior to 1.0.

This commit is contained in:
Mark Fisher
2008-09-29 02:16:50 +00:00
parent 73bf0a0a20
commit 121c7a65b1
29 changed files with 7 additions and 1601 deletions

View File

@@ -1,80 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.core.Ordered;
import org.springframework.integration.channel.AbstractMessageChannel;
import org.springframework.integration.channel.ChannelInterceptor;
/**
* Registers the provided {@link ChannelInterceptor} instance with any
* {@link AbstractMessageChannel} with a name matching the provided pattern
* @author Jonas Partner
*
*/
public class ChannelInterceptorRegisteringBeanPostProcessor implements BeanPostProcessor, Ordered {
private final ChannelInterceptor channelInterceptor;
private final List<Pattern> regexpPatterns;
private int order;
public ChannelInterceptorRegisteringBeanPostProcessor(ChannelInterceptor channelInterceptor, List<String> patterns) {
this.channelInterceptor = channelInterceptor;
this.regexpPatterns = new ArrayList<Pattern>();
for (String stringPattern : patterns) {
regexpPatterns.add(Pattern.compile(stringPattern));
}
}
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
if (AbstractMessageChannel.class.isAssignableFrom(bean.getClass()) && matchesPattern(beanName)) {
((AbstractMessageChannel) bean).addInterceptor(channelInterceptor);
}
return bean;
}
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
return bean;
}
public int getOrder() {
return order;
}
public void setOrder(int order) {
this.order = order;
}
protected boolean matchesPattern(String beanName) {
for (Pattern regexpPattern : regexpPatterns) {
if (regexpPattern.matcher(beanName).matches()) {
return true;
}
}
return false;
}
}

View File

@@ -1,40 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security;
import org.springframework.integration.message.Message;
import org.springframework.integration.message.MessageBuilder;
import org.springframework.security.context.SecurityContext;
/**
* @author Jonas Partner
*
*/
public class SecurityContextUtils {
public static final String SECURITY_CONTEXT_HEADER_ATTRIBUTE = "SPRING_SECURITY_CONTEXT";
public static SecurityContext getSecurityContextFromHeader(Message<?> message) {
return (SecurityContext) message.getHeaders().get(SECURITY_CONTEXT_HEADER_ATTRIBUTE);
}
public static Message<?> setSecurityContextHeader(SecurityContext sctx, Message<?> message) {
return MessageBuilder.fromMessage(message)
.setHeader(SECURITY_CONTEXT_HEADER_ATTRIBUTE, sctx).build();
}
}

View File

@@ -1,76 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security;
import java.util.LinkedList;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolderStrategy;
import org.springframework.security.context.SecurityContextImpl;
import org.springframework.util.Assert;
/**
* Covers scenarios where direct channels are used and ensures that an existing
* {@link SecurityContext} is not unintentionally cleared
* @author Jonas Partner
*
*/
public class StackBasedSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
private Log logger = LogFactory.getLog(getClass());
private static ThreadLocal<LinkedList<SecurityContext>> contextHolder = new ThreadLocal<LinkedList<SecurityContext>>();
public void clearContext() {
if (getStackForThread().size() > 0) {
SecurityContext ctx = getStackForThread().removeFirst();
logger.debug("Popped security context " + ctx);
}
}
public SecurityContext getContext() {
if (getStackForThread().peek() == null) {
logger.debug("Pushed new blank security context");
getStackForThread().addFirst(new SecurityContextImpl());
}
return (SecurityContext) getStackForThread().peek();
}
public void setContext(SecurityContext context) {
Assert.notNull(context, "Only non-null SecurityContext instances are permitted");
getStackForThread().addFirst(context);
logger.debug("Pushed context " + context);
}
protected LinkedList<SecurityContext> getStackForThread() {
if (contextHolder.get() == null) {
contextHolder.set(new LinkedList<SecurityContext>());
}
return contextHolder.get();
}
public void clearStack() {
if (contextHolder.get() != null) {
contextHolder.set(null);
}
}
}

View File

@@ -23,6 +23,8 @@ import org.springframework.util.StringUtils;
/**
* Creates the {@link ConfigAttributeDefinition}s for secured channel
* send and receive operations based on simple String values.
*
* @author Mark Fisher
*/
public class ChannelAccessPolicy {

View File

@@ -1,56 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.channel;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.integration.channel.MessageChannel;
import org.springframework.integration.channel.interceptor.ChannelInterceptorAdapter;
import org.springframework.integration.message.Message;
import org.springframework.integration.security.SecurityContextUtils;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
/**
* Propagates the {@link SecurityContext} associated with the current thread
* (if any) by adding it to the header of sent messages.
*
* @author Jonas Partner
*/
public class SecurityContextPropagatingChannelInterceptor extends ChannelInterceptorAdapter {
private final Log logger = LogFactory.getLog(this.getClass());
@Override
public Message<?> preSend(Message<?> message, MessageChannel channel) {
return this.createSecurityContextMessageIfPossible(message);
}
protected Message<?> createSecurityContextMessageIfPossible(Message<?> message) {
SecurityContext securityContext = SecurityContextHolder.getContext();
if (securityContext.getAuthentication() != null) {
message = SecurityContextUtils.setSecurityContextHeader(securityContext, message);
}
else if (logger.isInfoEnabled()) {
logger.info("No security context found");
}
return message;
}
}

View File

@@ -1,47 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
/**
*
* @author Jonas Partner
*
*/
public class IncludeExcludePattern {
private final boolean isIncludePattern;
private final String pattern;
public IncludeExcludePattern(boolean isIncludePattern, String pattern) {
this.isIncludePattern = isIncludePattern;
this.pattern = pattern;
}
public IncludeExcludePattern(String pattern) {
this(true, pattern);
}
public boolean isIncludePattern() {
return isIncludePattern;
}
public String getPattern() {
return pattern;
}
}

View File

@@ -1,40 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
import java.util.ArrayList;
import java.util.List;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
public class IncludeExcludePatternParser {
public OrderedIncludeExcludeList createFromNodeList(boolean includeByDefault, NodeList nodeList) {
List<IncludeExcludePattern> patterns = new ArrayList<IncludeExcludePattern>();
for (int i = 0; i < nodeList.getLength(); i++) {
if (nodeList.item(i).getNodeName().equals("includePattern")) {
patterns.add(new IncludeExcludePattern(true, ((Element) nodeList.item(i)).getTextContent()));
}
else if (nodeList.item(i).getNodeName().equals("excludePattern")) {
patterns.add(new IncludeExcludePattern(false, ((Element) nodeList.item(i)).getTextContent()));
}
}
return new JdkRegExpOrderedIncludeExcludeList(includeByDefault, patterns);
}
}

View File

@@ -17,8 +17,6 @@
package org.springframework.integration.security.config;
import org.springframework.beans.factory.xml.NamespaceHandlerSupport;
import org.springframework.integration.security.StackBasedSecurityContextHolderStrategy;
import org.springframework.security.context.SecurityContextHolder;
/**
* Namespace handler for the security namespace.
@@ -27,14 +25,8 @@ import org.springframework.security.context.SecurityContextHolder;
*/
public class IntegrationSecurityNamespaceHandler extends NamespaceHandlerSupport {
static {
SecurityContextHolder.setStrategyName(StackBasedSecurityContextHolderStrategy.class.getName());
}
public void init() {
registerBeanDefinitionParser("secured-channels", new SecuredChannelsParser());
registerBeanDefinitionParser("security-propagating-channels", new SecurityPropagatingChannelsParser());
registerBeanDefinitionParser("endpoint-security-policy", new SecurityEndpointInterceptorParser());
}
}

View File

@@ -1,67 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
public class JdkRegExpOrderedIncludeExcludeList implements OrderedIncludeExcludeList {
private final boolean includeByDefault;
private final List<PatternHolder> patternHolders;
public JdkRegExpOrderedIncludeExcludeList(List<IncludeExcludePattern> patterns) {
this(true, patterns);
}
public JdkRegExpOrderedIncludeExcludeList(boolean includeByDefault, List<IncludeExcludePattern> patterns) {
super();
this.includeByDefault = includeByDefault;
List<PatternHolder> patternHolders = new ArrayList<PatternHolder>();
for (int i = 0; i < patterns.size(); i++) {
patternHolders.add(new PatternHolder(Pattern.compile(patterns.get(i).getPattern()), patterns.get(i)));
}
this.patternHolders = Collections.unmodifiableList(patternHolders);
}
public boolean isIncluded(String name) {
for (int i = 0; i < patternHolders.size(); i++) {
if (patternHolders.get(i).compiledPattern.matcher(name).matches()) {
return (patternHolders.get(i).includeExcludePattern.isIncludePattern());
}
}
return includeByDefault;
}
private static class PatternHolder {
private final Pattern compiledPattern;
private final IncludeExcludePattern includeExcludePattern;
public PatternHolder(Pattern compiledPattern, IncludeExcludePattern includeExcludePattern) {
super();
this.compiledPattern = compiledPattern;
this.includeExcludePattern = includeExcludePattern;
}
}
}

View File

@@ -1,29 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
/**
*
* @author Jonas Partner
*
*/
public interface OrderedIncludeExcludeList {
public boolean isIncluded(String name);
}

View File

@@ -1,68 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
import org.springframework.beans.BeanMetadataAttribute;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.BeanDefinitionReaderUtils;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.integration.security.endpoint.SecurityEndpointInterceptor;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;
public class SecurityEndpointInterceptorParser extends AbstractSingleBeanDefinitionParser {
public SecurityEndpointInterceptorParser() {
super();
}
@Override
protected boolean shouldGenerateId() {
return true;
}
@Override
protected boolean shouldGenerateIdAsFallback() {
return true;
}
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
String access = element.getAttribute("access");
Assert.hasText(access, "Access attribute is required for element endpoint-security-policy");
String accessDecisionManager = element.getAttribute("access-decision-manager");
Assert.hasText(accessDecisionManager, "A non null value for the access-decision-manager is required");
ConfigAttributeDefinition accessDefintion = new ConfigAttributeDefinition(StringUtils.tokenizeToStringArray(
access, ","));
builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue(
new ValueHolder(accessDefintion));
builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue(
new RuntimeBeanReference(accessDecisionManager));
builder.getBeanDefinition().setBeanClass(SecurityEndpointInterceptor.class);
String beanName = BeanDefinitionReaderUtils.registerWithGeneratedName(builder.getBeanDefinition(),
parserContext.getRegistry());
builder.getBeanDefinition().addMetadataAttribute(new BeanMetadataAttribute("interceptorName", beanName));
}
}

View File

@@ -1,74 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.core.Ordered;
import org.springframework.integration.channel.AbstractMessageChannel;
import org.springframework.integration.security.channel.SecurityContextPropagatingChannelInterceptor;
/**
* Post processes channels applying appropriate propagation behaviour. If
* default propagation is specified with a secure-channels tag, that will be
* applied in the absence of a secured tag for the channel. If the secured tag
* is specified, it will always determine propagation behaviour.
*
* @author Jonas Partner
*/
public class SecurityPropagatingBeanPostProcessor implements BeanPostProcessor, Ordered {
protected static final String SECURITY_PROPAGATING_BEAN_POST_PROCESSOR_NAME = SecurityPropagatingBeanPostProcessor.class
.getName();
private final SecurityContextPropagatingChannelInterceptor interceptor = new SecurityContextPropagatingChannelInterceptor();
private final Log logger = LogFactory.getLog(this.getClass());
private final OrderedIncludeExcludeList includeExcludeList;
public SecurityPropagatingBeanPostProcessor(OrderedIncludeExcludeList includeExcludeList) {
this.includeExcludeList = includeExcludeList;
}
public int getOrder() {
return 0;
}
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
return bean;
}
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
if (AbstractMessageChannel.class.isAssignableFrom(bean.getClass())) {
AbstractMessageChannel channel = (AbstractMessageChannel) bean;
if (includeExcludeList.isIncluded(beanName)) {
channel.addInterceptor(this.interceptor);
if (logger.isDebugEnabled()) {
logger.debug("Channel '" + beanName + "' will propagate a SecurityContext.");
}
}
else if (logger.isDebugEnabled()) {
logger.debug("Channel '" + beanName + "' is not configured to propagate a SecurityContext.");
}
}
return bean;
}
}

View File

@@ -1,55 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.config;
import org.springframework.beans.factory.BeanDefinitionStoreException;
import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.context.SecurityContext;
import org.w3c.dom.Element;
/**
* Interprets the &lt;secure-channels&gt; element which controls default
* {@link SecurityContext} propagation behaviour.
*
* @author Jonas Partner
*/
public class SecurityPropagatingChannelsParser extends AbstractSingleBeanDefinitionParser {
IncludeExcludePatternParser includeExcludePatternParser = new IncludeExcludePatternParser();
@Override
protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
boolean propagateByDefault = Boolean.parseBoolean(element.getAttribute("propagate-by-default"));
OrderedIncludeExcludeList includeExcludeList = includeExcludePatternParser.createFromNodeList(
propagateByDefault, element.getChildNodes());
builder.getBeanDefinition().setBeanClass(SecurityPropagatingBeanPostProcessor.class);
builder.getBeanDefinition().getConstructorArgumentValues().addGenericArgumentValue(
new ValueHolder(includeExcludeList));
}
@Override
protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext)
throws BeanDefinitionStoreException {
return "internal.integration.SecureChannels";
}
}

View File

@@ -35,41 +35,4 @@
<xsd:attribute name="receive-access" type="xsd:string"/>
</xsd:complexType>
<xsd:element name="endpoint-security-policy">
<xsd:complexType>
<xsd:annotation>
<xsd:documentation>
Defines security requirements for one or more Message Endpoints.
</xsd:documentation>
</xsd:annotation>
<xsd:attribute name="access" type="xsd:string" use="required"/>
<xsd:attribute name="access-decision-manager"
type="xsd:string" default="accessDecisionManager" />
</xsd:complexType>
</xsd:element>
<xsd:element name="security-propagating-channels">
<xsd:complexType>
<xsd:annotation>
<xsd:documentation>
Defines a bean post processor which propagates the
security context by registering interceptors with channels.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="propagation-patterns" type="propagationPatternType" maxOccurs="1" minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="propagate-by-default" type="xsd:boolean" default="true" />
</xsd:complexType>
</xsd:element>
<xsd:complexType name="propagationPatternType">
<xsd:choice maxOccurs="unbounded" minOccurs="0">
<xsd:element name="includePattern" type="xsd:string"/>
<xsd:element name="excludePattern" type="xsd:string"/>
</xsd:choice>
</xsd:complexType>
</xsd:schema>

View File

@@ -1,67 +0,0 @@
/*
* Copyright 2002-2008 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.integration.security.endpoint;
import org.springframework.integration.endpoint.interceptor.EndpointInterceptorAdapter;
import org.springframework.integration.message.Message;
import org.springframework.integration.security.SecurityContextUtils;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
/**
* @author Jonas Partner
*/
public class SecurityEndpointInterceptor extends EndpointInterceptorAdapter {
private final ConfigAttributeDefinition targetSecurityAttributes;
private final AccessDecisionManager accessDecisionManager;
public SecurityEndpointInterceptor(ConfigAttributeDefinition endpointSecurityAttributes,
AccessDecisionManager accessDecisionManager) {
super();
this.targetSecurityAttributes = endpointSecurityAttributes;
this.accessDecisionManager = accessDecisionManager;
}
@Override
public Message<?> preHandle(Message<?> message) {
SecurityContext securityContext = null;
if (message != null) {
securityContext = SecurityContextUtils.getSecurityContextFromHeader(message);
}
if (securityContext != null) {
try {
SecurityContextHolder.setContext(securityContext);
this.accessDecisionManager.decide(SecurityContextHolder.getContext().getAuthentication(),
message, this.targetSecurityAttributes);
return message;
}
finally {
SecurityContextHolder.clearContext();
}
}
else {
this.accessDecisionManager.decide(SecurityContextHolder.getContext().getAuthentication(),
message, this.targetSecurityAttributes);
return message;
}
}
}