New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document how to custom MethodSecurityMetadataSource #12345
Comments
Hi, @quaff, thanks for reaching out. What is your custom code trying to do? It appears similar in concept to what |
Thanks, @quaff.
In the meantime, you can achieve it by calling your public class MyAuthorizationManager implements AuthorizationManager<MethodInvocation> {
private final MethodSecurityMetadataSource metadata = // ... custom
@Override
public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation mi) {
Collection<String> attributes = toStringList(this.metadata.getAttributes(mi));
Collection<String> authorities = toStringList(authentication.get().getAuthorities());
return new AuthorizationDecision(!Collections.disjoint(attributes, authorities));
}
} And then publishing the corresponding method interceptor. You can represent your metadata source as a pointcut in the following way: Pointcut pointcut = new StaticMethodMatcherPointcut() {
@Override
public boolean matches(Method method, Class<?> targetClass) {
return !CollectionUtils.isEmpty(this.metadata.getAttributes(m, targetClass));
}
}; This process is indirectly documented in the migration guide however, I think that you are right that the documentation should speak directly to custom |
@jzheaux Could you consider provide a separate API in next release? |
Correct, the point of the above snippet was to suggest how you could adapt your existing code. Certainly, you can write an
What parts are less intuitive? I want to make sure we are simplifying the right thing.
It's worth considering, sure. I'm inclined to see what patterns emerge first before adding more abstractions. |
Overriding method
Thanks for your considering. |
GlobalMethodSecurityConfiguration
is deprecated since 5.8.0 asplease elaborate how to custom MethodSecurityMetadataSource.
The text was updated successfully, but these errors were encountered: