mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 09:42:13 +00:00
Add RunAsManager Preparation Steps
Closes gh-11337
This commit is contained in:
parent
c5badbc631
commit
ac7f726a24
@ -459,6 +459,38 @@ The difference is that `AuthorizationManager<MethodInvocation>` replaces `Access
|
|||||||
|
|
||||||
Given that, <<_i_use_a_custom_accessdecisionvoter,the same rules apply for adaptation>>, where the goal this time is to implement `AuthorizationManager<MethodInvocationResult>` instead of `AuthorizationManager<MethodInvocation>` and use `AuthorizationManagerAfterMethodInterceptor` instead of `AuthorizationManagerBeforeMethodInterceptor`.
|
Given that, <<_i_use_a_custom_accessdecisionvoter,the same rules apply for adaptation>>, where the goal this time is to implement `AuthorizationManager<MethodInvocationResult>` instead of `AuthorizationManager<MethodInvocation>` and use `AuthorizationManagerAfterMethodInterceptor` instead of `AuthorizationManagerBeforeMethodInterceptor`.
|
||||||
|
|
||||||
|
===== I use `RunAsManager`
|
||||||
|
|
||||||
|
There is currently https://github.com/spring-projects/spring-security/issues/11331[no replacement for `RunAsManager`] though one is being considered.
|
||||||
|
|
||||||
|
It is quite straightforward to adapt a `RunAsManager`, though, to the `AuthorizationManager` API, if needed.
|
||||||
|
|
||||||
|
Here is some pseudocode to get you started:
|
||||||
|
|
||||||
|
====
|
||||||
|
.Java
|
||||||
|
[source,java,role="primary"]
|
||||||
|
----
|
||||||
|
public final class RunAsAuthorizationManagerAdapter<T> implements AuthorizationManager<T> {
|
||||||
|
private final RunAsManager runAs = new RunAsManagerImpl();
|
||||||
|
private final SecurityMetadataSource metadata;
|
||||||
|
private final AuthorizationManager<T> authorization;
|
||||||
|
|
||||||
|
// ... constructor
|
||||||
|
|
||||||
|
public AuthorizationDecision check(Supplier<Authentication> authentication, T object) {
|
||||||
|
Supplier<Authentication> wrapped = (auth) -> {
|
||||||
|
List<ConfigAttribute> attributes = this.metadata.getAttributes(object);
|
||||||
|
return this.runAs.buildRunAs(auth, object, attributes);
|
||||||
|
};
|
||||||
|
return this.authorization.check(wrapped, object);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
----
|
||||||
|
====
|
||||||
|
|
||||||
|
Once you have implemented `AuthorizationManager`, please follow the details in the reference manual for xref:servlet/authorization/method-security.adoc#jc-method-security-custom-authorization-manager[adding a custom `AuthorizationManager`].
|
||||||
|
|
||||||
[[servlet-check-for-annotationconfigurationexceptions]]
|
[[servlet-check-for-annotationconfigurationexceptions]]
|
||||||
==== Check for ``AnnotationConfigurationException``s
|
==== Check for ``AnnotationConfigurationException``s
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user