Class ExpressionBasedMessageSecurityMetadataSourceFactory
java.lang.Object
org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
Deprecated.
A class used to create a
MessageSecurityMetadataSource
that uses
MessageMatcher
mapped to Spring Expressions.- Since:
- 4.0
-
Method Summary
Modifier and TypeMethodDescriptioncreateExpressionMessageMetadataSource
(LinkedHashMap<MessageMatcher<?>, String> matcherToExpression) Deprecated.Create aMessageSecurityMetadataSource
that usesMessageMatcher
mapped to Spring Expressions.createExpressionMessageMetadataSource
(LinkedHashMap<MessageMatcher<?>, String> matcherToExpression, SecurityExpressionHandler<org.springframework.messaging.Message<Object>> handler) Deprecated.Create aMessageSecurityMetadataSource
that usesMessageMatcher
mapped to Spring Expressions.
-
Method Details
-
createExpressionMessageMetadataSource
public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String> matcherToExpression) Deprecated.Create aMessageSecurityMetadataSource
that usesMessageMatcher
mapped to Spring Expressions. Each entry is considered in order and only the first match is used. For example:LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>,String>(); matcherToExpression.put(new SimDestinationMessageMatcher("/public/**"), "permitAll"); matcherToExpression.put(new SimDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')"); matcherToExpression.put(new SimDestinationMessageMatcher("/topics/{name}/**"), "@someBean.customLogic(authentication, #name)"); matcherToExpression.put(new SimDestinationMessageMatcher("/**"), "authenticated"); MessageSecurityMetadataSource metadataSource = createExpressionMessageMetadataSource(matcherToExpression);
If our destination is "/public/hello", it would match on "/public/**" and on "/**". However, only "/public/**" would be used since it is the first entry. That means that a destination of "/public/hello" will be mapped to "permitAll".
For a complete listing of expressions see
MessageSecurityExpressionRoot
- Parameters:
matcherToExpression
- an ordered mapping ofMessageMatcher
to Strings that are turned into an Expression usingAbstractSecurityExpressionHandler.getExpressionParser()
- Returns:
- the
MessageSecurityMetadataSource
to use. Cannot be null.
-
createExpressionMessageMetadataSource
public static MessageSecurityMetadataSource createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String> matcherToExpression, SecurityExpressionHandler<org.springframework.messaging.Message<Object>> handler) Deprecated.Create aMessageSecurityMetadataSource
that usesMessageMatcher
mapped to Spring Expressions. Each entry is considered in order and only the first match is used. For example:LinkedHashMap<MessageMatcher<?>,String> matcherToExpression = new LinkedHashMap<MessageMatcher<Object>,String>(); matcherToExpression.put(new SimDestinationMessageMatcher("/public/**"), "permitAll"); matcherToExpression.put(new SimDestinationMessageMatcher("/admin/**"), "hasRole('ROLE_ADMIN')"); matcherToExpression.put(new SimDestinationMessageMatcher("/topics/{name}/**"), "@someBean.customLogic(authentication, #name)"); matcherToExpression.put(new SimDestinationMessageMatcher("/**"), "authenticated"); MessageSecurityMetadataSource metadataSource = createExpressionMessageMetadataSource(matcherToExpression);
If our destination is "/public/hello", it would match on "/public/**" and on "/**". However, only "/public/**" would be used since it is the first entry. That means that a destination of "/public/hello" will be mapped to "permitAll".
For a complete listing of expressions see
MessageSecurityExpressionRoot
- Parameters:
matcherToExpression
- an ordered mapping ofMessageMatcher
to Strings that are turned into an Expression usingAbstractSecurityExpressionHandler.getExpressionParser()
handler
- theSecurityExpressionHandler
to use- Returns:
- the
MessageSecurityMetadataSource
to use. Cannot be null.
-
MessageMatcherDelegatingAuthorizationManager
instead