Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2424: Document ObjectPostProcessor

This commit is contained in:
Rob Winch 2013-12-02 10:17:08 -06:00
parent 13c5af5b91
commit 0b996c669f
3 changed files with 87 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/AuthorizedRequestsWithPostProcessorConfig.java Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright 2002-2013 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers;
import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.event.AuthorizedEvent;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
@Configuration
@EnableWebSecurity
public class AuthorizedRequestsWithPostProcessorConfig extends WebSecurityConfigurerAdapter {
static ApplicationListener<AuthorizedEvent> AL;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().permitAll()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
public <O extends FilterSecurityInterceptor> O postProcess(
O fsi) {
fsi.setPublishAuthorizationSuccess(true);
return fsi;
}
});
}
@Bean
public ApplicationListener<AuthorizedEvent> applicationListener() {
return AL;
}
}

13
config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy
View File

@ -20,7 +20,9 @@ import static org.springframework.security.config.annotation.web.configurers.Exp
import javax.servlet.http.HttpServletResponse import javax.servlet.http.HttpServletResponse
import org.springframework.beans.factory.BeanCreationException import org.springframework.beans.factory.BeanCreationException
import org.springframework.context.ApplicationListener
import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Configuration
import org.springframework.security.access.event.AuthorizedEvent
import org.springframework.security.access.vote.AffirmativeBased import org.springframework.security.access.vote.AffirmativeBased
import org.springframework.security.authentication.RememberMeAuthenticationToken import org.springframework.security.authentication.RememberMeAuthenticationToken
import org.springframework.security.config.annotation.BaseSpringSpec import org.springframework.security.config.annotation.BaseSpringSpec
@ -462,4 +464,15 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
then: then:
noExceptionThrown() noExceptionThrown()
} }
def "AuthorizedRequests withPostProcessor"() {
setup:
ApplicationListener al = Mock()
AuthorizedRequestsWithPostProcessorConfig.AL = al
loadConfig(AuthorizedRequestsWithPostProcessorConfig)
when:
springSecurityFilterChain.doFilter(request, response, chain)
then:
1 * al.onApplicationEvent(_ as AuthorizedEvent)
}
} }

23
docs/manual/src/asciidoc/index.adoc
View File

@ -730,6 +730,29 @@ public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
For additional information about methods that can be overriden, refer to the `GlobalMethodSecurityConfiguration` Javadoc. For additional information about methods that can be overriden, refer to the `GlobalMethodSecurityConfiguration` Javadoc.
=== Post Processing Configured Objects
Spring Security's Java Configuration does not expose every property of every object that it configures. This simplifies the configuration for a majority of users. Afterall, if every property was exposed, users could use standard bean configuration.
While there are good reasons to not directly expose every property, users may still need more advanced configuration options. To address this Spring Security introduces the concept of an `ObjectPostProcessor` which can used to modify or replace many of the Object instances created by the Java Configuration. For example, if you wanted to configure the `filterSecurityPublishAuthorizationSuccess` property on `FilterSecurityInterceptor` you could use the following:
[source,java]
----
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
public <O extends FilterSecurityInterceptor> O postProcess(
O fsi) {
fsi.setPublishAuthorizationSuccess(true);
return fsi;
}
});
}
----
[[ns-config]] [[ns-config]]
== Security Namespace Configuration == Security Namespace Configuration